snodes (Members) | Posts: 14 | Reputation: 0 Neutral
  1. Maurice, thank you so much for your help - I'll get on with the clean-up work. Snodes
  2. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 13:18:43, on 29/08/2009
     Platform: Windows Vista SP1 (WinNT 6.00.1905)
     MSIE: Internet Explorer v7.00 (7.00.6001.18294)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\system32\taskeng.exe
     C:\Windows\Explorer.EXE
     C:\Program Files\AVG\AVG8\avgtray.exe
     C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Windows\system32\wuauclt.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?&.s...ntl=uk&rl=1
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
     O1 - Hosts: ::1 localhost
     O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
     O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKCU\..\Run: [bTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
     O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
     O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
     O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
     O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
     O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
     O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

     --
     End of file - 6324 bytes

     Malwarebytes' Anti-Malware 1.40
     Database version: 2712
     Windows 6.0.6001 Service Pack 1

     29/08/2009 13:17:52
     mbam-log-2009-08-29 (13-17-52).txt

     Scan type: Quick Scan
     Objects scanned: 90770
     Time elapsed: 5 minute(s), 24 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     /--------------------------------------------------------------\
     |                  Trend Micro System Cleaner                  |
     |            Copyright 2009-2010, Trend Micro, Inc.            |
     |                  http://www.trendmicro.com                   |
     \--------------------------------------------------------------/

     2009-08-28, 19:48:33, Auto-clean mode specified.
     2009-08-28, 19:48:33, Running scanner "C:\DCE\TSC.BIN"...
     2009-08-28, 19:48:44, Scanner "C:\DCE\TSC.BIN" has finished running.
     2009-08-28, 19:48:44, TSC Log:
  3. Thanks again Maurice, I won't be able to do this for a few days but will run at the end of next week.
  4. ComboFix 09-08-18.04 - The Snowdons 19/08/2009 20:03.1.2 - NTFSx86 Microsoft
  5. Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows Vista

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     File "C:\Windows\system32\drivers\SKYNETpfnobsxb.sys" deleted successfully.
     File "C:\Windows\system32\SKYNETriwdkeye.dll" deleted successfully.
     File "C:\Windows\system32\SKYNETitmhrfex.dat" deleted successfully.
     File "C:\Windows\system32\SKYNETvpjedeqn.dll" deleted successfully.
     File "C:\Windows\system32\SKYNETxpoiqjup.dat" deleted successfully.

     Error: file "C:\Windows\system32\SKYNETwsp.dll" not found!
     Deletion of file "C:\Windows\system32\SKYNETwsp.dll" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
       --> the object does not exist

     Error: file "C:\Windows\System32\drivers\a285ucso.sys" not found!
     Deletion of file "C:\Windows\System32\drivers\a285ucso.sys" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
       --> the object does not exist

     Driver "SKYNETstglbkdq" deleted successfully.

     Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\a285ucso" not found!
     Deletion of driver "a285ucso" failed!
     Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
       --> the object does not exist

     Completed script processing.

     *******************

     Finished! Terminate.

     GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
     Rootkit scan 2009-08-18 19:16:05
     Windows 6.0.6001 Service Pack 1

     ---- System - GMER 1.0.15 ----

     INT 0x52 ? 86025BF8
     INT 0x62 ? 86025BF8
     INT 0x62 ? 86025BF8
     INT 0x62 ? 86025BF8
     INT 0x62 ? 86025BF8
     INT 0x82 ? 86025BF8
     INT 0xA2 ? 8428DBF8
     INT 0xA3 ? 86025BF8
     INT 0xB2 ? 8428DBF8
     INT 0xB2 ? 8428DBF8
     INT 0xB2 ? 86025BF8
     INT 0xB2 ? 8428DBF8
     INT 0xB3 ? 86025BF8

     ---- Kernel code sections - GMER 1.0.15 ----

     ? system32\drivers\qtlt.sys The system cannot find the path specified. !
     ? System32\Drivers\spxq.sys The system cannot find the path specified. !
     .text USBPORT.SYS!DllUnload 8814446F 5 Bytes JMP 860251D8
     .text akvuxe3p.SYS 8CD75000 22 Bytes [26, E2, E0, 81, 10, E1, E0, ...]
     .text akvuxe3p.SYS 8CD75017 67 Bytes [00, 32, 17, 7A, 80, 3D, 15, ...]
     .text akvuxe3p.SYS 8CD7505B 77 Bytes [82, A9, E4, 02, 82, F0, C2, ...]
     .text akvuxe3p.SYS 8CD750A9 35 Bytes CALL 759EF12F
     .text akvuxe3p.SYS 8CD750CE 10 Bytes [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX}
     .text ...

     ---- User code sections - GMER 1.0.15 ----

     .text C:\Program Files\Internet Explorer\iexplore.exe[3660] USER32.dll!DialogBoxIndirectParamW 76DCBD25 5 Bytes JMP 6D290696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[3660] USER32.dll!DialogBoxParamW 76DE1FD5 5 Bytes JMP 6D290620 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[3660] USER32.dll!DialogBoxParamA 76E080B2 5 Bytes JMP 6D29065B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[3660] USER32.dll!DialogBoxIndirectParamA 76E083DD 5 Bytes JMP 6D2906D1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[3660] USER32.dll!MessageBoxIndirectA 76E1D471 5 Bytes JMP 6D2905DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[3660] USER32.dll!MessageBoxIndirectW 76E1D56B 5 Bytes JMP 6D290598 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[3660] USER32.dll!MessageBoxExA 76E1D5D1 5 Bytes JMP 6D29055E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[3660] USER32.dll!MessageBoxExW 76E1D5F5 5 Bytes JMP 6D290524 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
     .text C:\Program Files\Internet Explorer\iexplore.exe[3660] ole32.dll!OleLoadFromStream 760A9726 5 Bytes JMP 6D290893 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

     ---- Kernel IAT/EAT - GMER 1.0.15 ----

     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806986D2] \SystemRoot\System32\Drivers\spxq.sys
     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80698040] \SystemRoot\System32\Drivers\spxq.sys
     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806987FC] \SystemRoot\System32\Drivers\spxq.sys
     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806980BE] \SystemRoot\System32\Drivers\spxq.sys
     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069813C] \SystemRoot\System32\Drivers\spxq.sys
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortNotification] 009E840F
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortWritePortUchar] 8B660000
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortWritePortUlong] 89662448
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 4D8BE84D
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 02C183E8
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortGetScatterGatherList] EA4D8966
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortReadPortUchar] 0320488B
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortStallExecution] 08458DC8
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortGetParentBusType] [8D575750] \SystemRoot\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation)
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortRequestCallback] 6850F045
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortWritePortBufferUshort] B0020000
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 50E8458D
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortCompleteRequest] AFBC35FF
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortMoveMemory] 4D898CD9
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 45C757EC
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 000001F0
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E5FEE800
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortReadPortUshort] C73B0001
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C8A14675
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortInitialize] 6A8CD9AF
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortGetDeviceBase] 9A888D52
     IAT \SystemRoot\System32\Drivers\akvuxe3p.SYS[ataport.SYS!AtaPortDeviceStateChange] 83000000

     ---- Devices - GMER 1.0.15 ----

     Device \FileSystem\Ntfs \Ntfs 84C1B1F8
     Device \Driver\volmgr \Device\VolMgrControl 8428F1F8
     Device \Driver\usbuhci \Device\USBPDO-0 85EDF1F8
     Device \Driver\usbuhci \Device\USBPDO-1 85EDF1F8
     Device \Driver\usbuhci \Device\USBPDO-2 85EDF1F8
     Device \Driver\usbuhci \Device\USBPDO-3 85EDF1F8
     Device \Driver\PCI_PNP9696 \Device\00000047 spxq.sys
     Device \Driver\usbehci \Device\USBPDO-4 85EE01F8
     AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     Device \Driver\usbuhci \Device\USBPDO-5 85EDF1F8
     Device \Driver\usbuhci \Device\USBPDO-6 85EDF1F8
     Device \Driver\USBSTOR \Device\00000063 8647F1F8
     Device \Driver\volmgr \Device\HarddiskVolume1 8428F1F8
     Device \Driver\netbt \Device\NetBT_Tcpip_{7E145A8F-A9BB-460D-BBBF-60406E8A32F3} 864241F8
     Device \Driver\USBSTOR \Device\00000064 8647F1F8
     Device \Driver\usbehci \Device\USBPDO-7 85EE01F8
     Device \Driver\volmgr \Device\HarddiskVolume2 8428F1F8
     Device \Driver\cdrom \Device\CdRom0 8614C1F8
     Device \Driver\USBSTOR \Device\00000065 8647F1F8
     Device \Driver\volmgr \Device\HarddiskVolume3 8428F1F8
     Device \Driver\cdrom \Device\CdRom1 8614C1F8
     Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84C1A1F8
     Device \Driver\atapi \Device\Ide\IdePort0 84C1A1F8
     Device \Driver\atapi \Device\Ide\IdePort1 84C1A1F8
     Device \Driver\atapi \Device\Ide\IdePort2 84C1A1F8
     Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 84C1A1F8
     Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 84C1A1F8
     Device \Driver\USBSTOR \Device\00000066 8647F1F8
     Device \Driver\volmgr \Device\HarddiskVolume4 8428F1F8
     Device \Driver\cdrom \Device\CdRom2 8614C1F8
     Device \Driver\USBSTOR \Device\00000067 8647F1F8
     Device \Driver\USBSTOR \Device\00000074 8647F1F8
     Device \Driver\volmgr \Device\HarddiskVolume5 8428F1F8
     Device \Driver\volmgr \Device\HarddiskVolume6 8428F1F8
     Device \Driver\USBSTOR \Device\00000076 8647F1F8
     Device \Driver\netbt \Device\NetBt_Wins_Export 864241F8
     Device \Driver\Smb \Device\NetbiosSmb 864011F8
     Device \Driver\iScsiPrt \Device\RaidPort0 85ECF1F8
     AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     Device \Driver\sptd \Device\3328369696 spxq.sys
     Device \Driver\usbuhci \Device\USBFDO-0 85EDF1F8
     Device \Driver\usbuhci \Device\USBFDO-1 85EDF1F8
     Device \Driver\usbuhci \Device\USBFDO-2 85EDF1F8
     Device \Driver\usbuhci \Device\USBFDO-3 85EDF1F8
     Device \Driver\usbehci \Device\USBFDO-4 85EE01F8
     Device \Driver\usbuhci \Device\USBFDO-5 85EDF1F8
     Device \Driver\usbuhci \Device\USBFDO-6 85EDF1F8
     Device \Driver\usbehci \Device\USBFDO-7 85EE01F8
     Device \Driver\akvuxe3p \Device\Scsi\akvuxe3p1Port4Path0Target0Lun0 85ECD1F8
     Device \Driver\akvuxe3p \Device\Scsi\akvuxe3p1 85ECD1F8
     Device \FileSystem\cdfs \Cdfs 847B41F8

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0x7A 0x2A 0x1D ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0x31 0xE8 0xE5 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x10 0x4C 0xF9 0x01 ...
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0x7A 0x2A 0x1D ...
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0x31 0xE8 0xE5 ...
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x10 0x4C 0xF9 0x01 ...
     Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x77 0xF6 0x4D 0x43 ...

     ---- EOF - GMER 1.0.15 ----
  6. Thanks for your ongoing help Maurice. As some supplementary info, the first time I rebooted after running Avenger I still had the same messages about Skynet coming up from Windows and my AVG resident shield. I then ran GMER, which had a blue screen error and crashed; my PC restarted and I chose safe mode, ran it again to get the above txt, and the SKYNET messages seem to have gone now I've rebooted normally.
  7. GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
     Rootkit scan 2009-08-17 22:29:36
     Windows 6.0.6001 Service Pack 1

     ---- System - GMER 1.0.15 ----

     INT 0x52 ? 84C69F00
     INT 0x62 ? 84C69F00
     INT 0x72 ? 84C69F00
     INT 0x82 ? 84C69F00
     INT 0x82 ? 84C69F00
     INT 0x82 ? 84C69F00
     INT 0x82 ? 84C69F00
     INT 0xA2 ? 83C5ABF8
     INT 0xB2 ? 83C5ABF8
     INT 0xB2 ? 83C5ABF8
     INT 0xB2 ? 84C69F00
     INT 0xB2 ? 83C5ABF8

     ---- Kernel code sections - GMER 1.0.15 ----

     ? System32\Drivers\spls.sys The system cannot find the path specified. !
     .text USBPORT.SYS!DllUnload 8813A46F 5 Bytes JMP 84C694E0
     .text a9vh0ccg.SYS 881A3000 22 Bytes [26, E2, 1C, 82, 10, E1, 1C, ...]
     .text a9vh0ccg.SYS 881A3017 78 Bytes [00, 32, 67, B9, 87, 3D, 65, ...]
     .text a9vh0ccg.SYS 881A3066 66 Bytes [E1, 81, C8, 4B, E6, 81, 30, ...]
     .text a9vh0ccg.SYS 881A30A9 35 Bytes [10, E6, 81, A0, 07, E6, 81, ...]
     .text a9vh0ccg.SYS 881A30CE 10 Bytes [00, 00, 00, 00, 00, 00, 6D, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INSD ; POPF ; SCASB ; DEC EAX}
     .text ...

     ---- Kernel IAT/EAT - GMER 1.0.15 ----

     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87A8D6D2] \SystemRoot\System32\Drivers\spls.sys
     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87A8D040] \SystemRoot\System32\Drivers\spls.sys
     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87A8D7FC] \SystemRoot\System32\Drivers\spls.sys
     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [87A8D0BE] \SystemRoot\System32\Drivers\spls.sys
     IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87A8D13C] \SystemRoot\System32\Drivers\spls.sys
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortNotification] 009E840F
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortWritePortUchar] 8B660000
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortWritePortUlong] 89662448
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 4D8BE84D
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 02C183E8
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortGetScatterGatherList] EA4D8966
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortReadPortUchar] 0320488B
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortStallExecution] 08458DC8
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortGetParentBusType] 8D575750
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortRequestCallback] 6850F045
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortWritePortBufferUshort] B0020000
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 50E8458D
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortCompleteRequest] 8FBC35FF
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortMoveMemory] 4D89881C
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 45C757EC
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 000001F0
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] E5FEE800
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortReadPortUshort] C73B0001
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C8A14675
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortInitialize] 6A881C8F
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortGetDeviceBase] 9A888D52
     IAT \SystemRoot\System32\Drivers\a9vh0ccg.SYS[ataport.SYS!AtaPortDeviceStateChange] 83000000

     ---- Devices - GMER 1.0.15 ----

     Device \FileSystem\Ntfs \Ntfs 84A1E1F8
     Device \Driver\volmgr \Device\VolMgrControl 83C5C1F8
     Device \Driver\usbuhci \Device\USBPDO-0 84E3D1F8
     Device \Driver\usbuhci \Device\USBPDO-1 84E3D1F8
     Device \Driver\usbuhci \Device\USBPDO-2 84E3D1F8
     Device \Driver\PCI_PNP1904 \Device\00000046 spls.sys
     Device \Driver\usbuhci \Device\USBPDO-3 84E3D1F8
     Device \Driver\USBSTOR \Device\00000061 84D1D1F8
     Device \Driver\usbehci \Device\USBPDO-4 84D293A0
     Device \Driver\USBSTOR \Device\00000062 84D1D1F8
     Device \Driver\usbuhci \Device\USBPDO-5 84E3D1F8
     Device \Driver\USBSTOR \Device\00000063 84D1D1F8
     Device \Driver\usbuhci \Device\USBPDO-6 84E3D1F8
     Device \Driver\volmgr \Device\HarddiskVolume1 83C5C1F8
     Device \Driver\USBSTOR \Device\00000064 84D1D1F8
     Device \Driver\usbehci \Device\USBPDO-7 84D293A0
     Device \Driver\cdrom \Device\CdRom0 84DAC1F8
     Device \Driver\volmgr \Device\HarddiskVolume2 83C5C1F8
     Device \Driver\USBSTOR \Device\00000065 84D1D1F8
     Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84A1D1F8
     Device \Driver\atapi \Device\Ide\IdePort0 84A1D1F8
     Device \Driver\atapi \Device\Ide\IdePort1 84A1D1F8
     Device \Driver\atapi \Device\Ide\IdePort2 84A1D1F8
     Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84A1D1F8
     Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1 84A1D1F8
     Device \Driver\cdrom \Device\CdRom1 84DAC1F8
     Device \Driver\volmgr \Device\HarddiskVolume3 83C5C1F8
     Device \Driver\cdrom \Device\CdRom2 84DAC1F8
     Device \Driver\volmgr \Device\HarddiskVolume4 83C5C1F8
     Device \Driver\volmgr \Device\HarddiskVolume5 83C5C1F8
     Device \Driver\volmgr \Device\HarddiskVolume6 83C5C1F8
     Device \Driver\iScsiPrt \Device\RaidPort0 84DB21F8
     Device \Driver\USBSTOR \Device\0000006a 84D1D1F8
     Device \Driver\usbuhci \Device\USBFDO-0 84E3D1F8
     Device \Driver\USBSTOR \Device\0000006c 84D1D1F8
     Device \Driver\usbuhci \Device\USBFDO-1 84E3D1F8
     Device \Driver\usbuhci \Device\USBFDO-2 84E3D1F8
     Device \Driver\usbuhci \Device\USBFDO-3 84E3D1F8
     Device \Driver\usbehci \Device\USBFDO-4 84D293A0
     Device \Driver\sptd \Device\2960055654 spls.sys
     Device \Driver\usbuhci \Device\USBFDO-5 84E3D1F8
     Device \Driver\usbuhci \Device\USBFDO-6 84E3D1F8
     Device \Driver\usbehci \Device\USBFDO-7 84D293A0
     Device \Driver\a9vh0ccg \Device\Scsi\a9vh0ccg1 84DAD1F8
     Device \Driver\a9vh0ccg \Device\Scsi\a9vh0ccg1Port4Path0Target0Lun0 84DAD1F8
     Device \FileSystem\cdfs \Cdfs 8509B500

     ---- Services - GMER 1.0.15 ----

     Service C:\Windows\system32\drivers\SKYNETpfnobsxb.sys (*** hidden *** ) [sYSTEM] SKYNETstglbkdq <-- ROOTKIT !!!

     ---- Registry - GMER 1.0.15 ----

     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq@start 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq@type 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq@group file system
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq@imagepath \systemroot\system32\drivers\SKYNETpfnobsxb.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\main
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\main@aid 10002
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\main@sid 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\main@cmddelay 14400
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\main\delete
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\main\injector
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\main\injector@* SKYNETwsp.dll
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\main\tasks
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\modules
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETpfnobsxb.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETriwdkeye.dll
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\modules@SKYNETlog.dat \systemroot\system32\SKYNETitmhrfex.dat
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\modules@SKYNETwsp.dll \systemroot\system32\SKYNETvpjedeqn.dll
     Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETstglbkdq\modules@SKYNET.dat \systemroot\system32\SKYNETxpoiqjup.dat
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0x7A 0x2A 0x1D ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0x31 0xE8 0xE5 ...
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
     Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x10 0x4C 0xF9 0x01 ...
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq@start 1
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq@type 1
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq@group file system
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq@imagepath \systemroot\system32\drivers\SKYNETpfnobsxb.sys
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\main (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\main@aid 10002
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\main@sid 1
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\main@cmddelay 14400
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\main\delete (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\main\injector (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\main\injector@* SKYNETwsp.dll
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\main\tasks (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\modules (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETpfnobsxb.sys
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\modules@SKYNETcmd.dll \systemroot\system32\SKYNETriwdkeye.dll
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\modules@SKYNETlog.dat \systemroot\system32\SKYNETitmhrfex.dat
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\modules@SKYNETwsp.dll \systemroot\system32\SKYNETvpjedeqn.dll
     Reg HKLM\SYSTEM\ControlSet008\Services\SKYNETstglbkdq\modules@SKYNET.dat \systemroot\system32\SKYNETxpoiqjup.dat
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x03 0x7A 0x2A 0x1D ...
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x42 0x31 0xE8 0xE5 ...
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x10 0x4C 0xF9 0x01 ...

     ---- EOF - GMER 1.0.15 ----
  8. Hi Maurice, Only OTL would run - RootRepeal froze when scanning and SecurityCheck wouldn't because an error message relating to the malware kept spooling. I took screen prints of where RootRepeal got to and the error message on SecurityCheck - the RootRepeal one is attached here and I'll see if I can get the size of the SecurityCheck one down so that it can be attached.
snodes_root_repeal_scan.doc
  9. OTL logfile created on: 16/08/2009 20:05:01 - Run 1
OTL by OldTimer - Version 3.0.10.7     Folder = C:\Users\The Snowdons\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.66% Memory free
4.00 Gb Paging File | 2.70 Gb Available in Paging File | 67.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 410.19 Gb Free Space | 88.07% Space Free | Partition Type: NTFS
Drive D: | 83.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THESNOWDONS-PC
Current User Name: The Snowdons
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/09/18 00:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/28 16:59:04 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/02/09 17:35:10 | 00,278,608 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2008/08/29 00:53:18 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2007/02/09 09:35:54 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2007/05/28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/07/28 16:59:09 | 00,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/07/28 16:59:10 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/07/28 16:59:15 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/28 16:59:11 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/28 16:59:14 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 08:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2007/02/09 17:35:12 | 00,110,677 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/08/14 01:07:30 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2007/06/18 09:39:10 | 00,061,440 | ---- | M] () -- C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
PRC - [2009/08/13 11:14:17 | 00,472,064 | ---- | M] ( ) -- C:\Users\The Snowdons\Desktop\RootRepeal.exe
PRC - [2009/07/28 16:59:14 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe
PRC - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe
PRC - [2009/08/16 19:51:41 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\The Snowdons\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/06 01:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/07/28 16:59:10 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/07/28 16:59:04 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2007/02/09 17:35:10 | 00,278,608 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2008/07/27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/02/09 17:35:12 | 00,110,677 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - [2008/01/19 08:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Running])
SRV - [2006/11/02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])
SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/19 08:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/24 10:43:16 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/06/20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/08/29 00:53:18 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2008/06/20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/09/18 00:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/02/09 09:35:54 | 00,262,247 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2007/05/28 17:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2008/01/19 08:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 08:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/01/25 19:42:50 | 02,831,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\System32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
DRV - [2006/11/02 10:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 10:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 10:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/07/28 16:59:15 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [system | Running])
DRV - [2009/07/28 16:59:15 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [system | Running])
DRV - [2009/04/24 09:24:55 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86 [boot | Running])
DRV - [2009/04/24 09:24:47 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [system | Running])
DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 10:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 08:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 10:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 10:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 10:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 10:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])
DRV - [2006/11/02 10:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2007/11/17 02:34:22 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2007/11/17 02:34:22 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2008/09/18 00:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 10:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/04/03 11:43:28 | 01,131,136 | ---- | M] (Philips Semiconductors GmbH) -- C:\Windows\System32\DRIVERS\Ph3xIB32.sys -- (Ph3xIB32 [On_Demand | Stopped])
DRV - [2004/04/27 00:31:04 | 00,474,304 | ---- | M] (Logitech Inc.) -- C:\Windows\System32\DRIVERS\LVCD.sys -- (QCDonner [On_Demand | Stopped])
DRV - [2006/11/02 10:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 08:30:56 | 00,044,544 | ---- | M] (Realtek Corporation) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2009/08/05 16:06:28 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [system | Running])
DRV - [2009/08/05 16:06:30 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/08/05 16:06:28 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [system | Running])
DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 10:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 10:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2009/04/14 15:41:49 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [boot | Running])
DRV - [2007/06/21 10:45:08 | 00,029,696 | ---- | M] (Service & Quality Technology.) -- C:\Windows\System32\Drivers\Capt913D.sys -- (SQTECH913D [On_Demand | Stopped])
DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 10:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 10:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2009/03/06 00:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2006/11/02 10:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 10:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?&.s...ntl=uk&rl=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/14 09:05:24 | 00,000,000 | ---D | M]

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [bTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/16 20:03:40 | 00,177,664 | ---- | C] () -- C:\Users\The Snowdons\Documents\snodes root repeal scan.doc
[2009/08/16 19:52:01 | 00,838,010 | ---- | C] () -- C:\Users\The Snowdons\Desktop\SecurityCheck.exe
[2009/08/16 19:51:31 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\The Snowdons\Desktop\OTL.exe
[2009/08/16 19:36:46 | 00,465,298 | ---- | C] () -- C:\Users\The Snowdons\Desktop\RootRepeal.rar
[2009/08/16 19:34:41 | 00,000,000 | ---- | C] () -- C:\Users\The Snowdons\Desktop\settings.dat
[2009/08/16 19:34:35 | 00,472,064 | ---- | C] ( ) -- C:\Users\The Snowdons\Desktop\RootRepeal.exe
[2009/08/16 18:50:07 | 00,001,874 | ---- | C] () -- C:\Users\The Snowdons\Desktop\HijackThis.lnk
[2009/08/16 18:50:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/16 18:42:35 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\The Snowdons\Desktop\mbam-setup.exe
[2009/08/16 17:15:41 | 01,718,504 | ---- | C] () -- C:\Users\The Snowdons\Documents\Resident Shield File.csv
[2009/08/14 09:06:32 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/14 09:06:32 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/14 09:06:32 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/14 09:06:32 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/14 09:06:32 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/14 09:06:32 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/14 09:06:32 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/14 09:06:32 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/13 00:07:58 | 00,001,267 | ---- | C] () -- C:\Windows\wininit.ini
[2009/08/12 22:31:40 | 00,123,416 | ---- | C] () -- C:\MGlogs.zip
[2009/08/12 22:31:38 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/08/12 22:29:25 | 00,000,000 | ---D | C] -- C:\Users\The Snowdons\AppData\Roaming\Malwarebytes
[2009/08/12 22:29:22 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/12 22:29:20 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/12 22:29:19 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/12 22:29:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/12 22:29:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/12 22:28:26 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/08/12 22:28:16 | 00,000,902 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/08/12 22:28:15 | 00,000,000 | ---D | C] -- C:\Users\The Snowdons\AppData\Roaming\SUPERAntiSpyware.com
[2009/08/12 22:28:15 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/12 22:27:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/12 18:56:35 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 18:56:33 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 18:56:32 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/12 18:56:30 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 18:56:26 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 18:56:25 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 18:56:25 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 18:56:21 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 18:56:21 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 18:56:17 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 18:56:17 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 18:56:17 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/07 17:47:35 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/08/07 17:47:35 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/08/07 17:47:35 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/08/07 17:47:35 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/08/07 17:47:35 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/08/07 17:47:35 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/08/07 17:47:34 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/08/07 17:47:33 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/08/07 17:41:07 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/08/07 17:41:06 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/08/07 17:41:05 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/08/07 17:40:54 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/08/07 17:40:51 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/07/29 16:52:59 | 03,583,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/29 16:52:58 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/29 16:52:58 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/29 16:52:57 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/29 16:52:57 | 00,827,904 | ---- | C] (Microsoft Corporation)
-- C:\Windows\System32\wininet.dll [2009/07/29 16:52:57 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/07/29 16:52:57 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/07/29 16:52:57 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/07/29 16:52:56 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/07/29 16:52:56 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/07/29 16:52:56 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/07/29 16:52:56 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/07/29 16:52:56 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/07/29 16:52:56 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/07/29 16:52:55 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2009/06/24 15:39:39 | 00,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009/06/24 15:35:11 | 00,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini [2009/04/14 15:41:49 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009/02/12 17:35:29 | 00,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2008/12/05 21:29:19 | 00,000,000 | ---- | C] () -- C:\Windows\PTWebCam.INI [2008/03/04 18:17:58 | 00,001,265 | ---- | C] () -- C:\Windows\disney.ini [2008/01/17 00:17:23 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2008/01/17 00:17:20 | 01,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008/01/17 00:17:20 | 00,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008/01/17 00:17:19 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008/01/17 00:17:18 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll 
[2008/01/17 00:17:18 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2008/01/16 21:09:55 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2006/11/02 11:23:31 | 00,000,168 | ---- | C] () -- C:\Windows\win.ini [2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004/03/26 10:56:40 | 00,017,191 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini ========== Files - Modified Within 30 Days ========== [1 C:\Windows\*.tmp files] [2009/08/16 20:03:41 | 00,177,664 | ---- | M] () -- C:\Users\The Snowdons\Documents\snodes root repeal scan.doc [2009/08/16 19:52:13 | 00,838,010 | ---- | M] () -- C:\Users\The Snowdons\Desktop\SecurityCheck.exe [2009/08/16 19:51:41 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\The Snowdons\Desktop\OTL.exe [2009/08/16 19:48:21 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/08/16 19:48:21 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009/08/16 19:48:21 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009/08/16 19:43:43 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2009/08/16 19:41:19 | 00,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/08/16 19:41:19 | 00,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/08/16 19:41:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/08/16 19:41:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/08/16 19:38:04 | 03,934,607 | -H-- | M] () -- C:\Users\The Snowdons\AppData\Local\IconCache.db [2009/08/16 19:36:55 | 00,465,298 | ---- | M] () -- C:\Users\The Snowdons\Desktop\RootRepeal.rar [2009/08/16 19:34:41 | 
00,000,000 | ---- | M] () -- C:\Users\The Snowdons\Desktop\settings.dat [2009/08/16 18:50:07 | 00,001,874 | ---- | M] () -- C:\Users\The Snowdons\Desktop\HijackThis.lnk [2009/08/16 18:43:36 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2009/08/16 18:42:53 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\The Snowdons\Desktop\mbam-setup.exe [2009/08/16 17:38:46 | 39,893,964 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2009/08/16 17:17:27 | 00,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{503AD6C4-E33D-4F0D-9A98-6601BC6AF1EF}.job [2009/08/16 17:15:42 | 01,718,504 | ---- | M] () -- C:\Users\The Snowdons\Documents\Resident Shield File.csv [2009/08/15 17:36:35 | 00,065,360 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg [2009/08/14 23:28:42 | 00,001,267 | ---- | M] () -- C:\Windows\wininit.ini [2009/08/13 20:36:41 | 00,001,085 | ---- | M] () -- C:\Users\The Snowdons\Desktop\Spybot - Search & Destroy.lnk [2009/08/13 11:14:17 | 00,472,064 | ---- | M] ( ) -- C:\Users\The Snowdons\Desktop\RootRepeal.exe [2009/08/12 22:35:43 | 00,123,416 | ---- | M] () -- C:\MGlogs.zip [2009/08/12 22:28:16 | 00,000,902 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2009/08/11 22:35:59 | 00,007,592 | ---- | M] () -- C:\Users\The Snowdons\AppData\Local\d3d9caps.dat [2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/07/30 01:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe [2009/07/28 16:59:15 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2009/07/28 16:59:15 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Windows\System32\drivers\avgmfx86.sys [2009/07/28 16:59:15 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2009/07/18 17:06:20 | 00,827,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll [2009/07/18 17:06:05 | 01,166,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll [2009/07/18 17:04:41 | 00,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll [2009/07/18 17:03:16 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2009/07/18 17:02:53 | 03,583,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll [2009/07/18 17:02:50 | 00,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2009/07/18 17:02:05 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2009/07/18 17:01:49 | 06,069,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll [2009/07/18 17:01:49 | 00,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll [2009/07/18 17:01:48 | 00,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2009/07/18 17:01:48 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2009/07/18 17:01:48 | 00,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2009/07/18 11:16:01 | 00,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2009/07/18 10:46:14 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2009/07/18 10:45:19 | 01,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb ========== LOP Check ========== [2009/08/12 22:29:25 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming [2008/04/30 18:07:00 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\BT [2009/02/12 18:05:28 | 00,000,000 | ---D | M] -- C:\Users\The 
Snowdons\AppData\Roaming\CyberLink [2009/06/25 19:38:16 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\EPSON [2009/03/02 14:23:42 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\GetRightToGo [2009/08/14 01:12:53 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\LimeWire [2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\Media Center Programs [2008/12/10 21:03:58 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\Motive [2008/12/23 11:13:38 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\OpenOffice.org [2008/12/22 20:18:52 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\OpenOffice.org2 [2009/06/08 10:52:23 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\Snapfish [2009/07/03 20:31:46 | 00,000,000 | ---D | M] -- C:\Users\The Snowdons\AppData\Roaming\Spotify [2009/08/16 19:43:43 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job [2009/08/16 19:41:17 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT [2009/08/16 19:40:05 | 00,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009/08/16 17:17:27 | 00,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{503AD6C4-E33D-4F0D-9A98-6601BC6AF1EF}.job ========== Purity Check ========== < End of report > OTL Extras logfile created on: 16/08/2009 20:05:01 - Run 1 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\The Snowdons\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.66% Memory free 4.00 Gb Paging File | 2.70 Gb Available in Paging File | 67.40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | 
%ProgramFiles% = C:\Program Files Drive C: | 465.76 Gb Total Space | 410.19 Gb Free Space | 88.07% Space Free | Partition Type: NTFS Drive D: | 83.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: THESNOWDONS-PC Current User Name: The Snowdons Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3188036164-2254565855-3087354152-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1CEAF944-7E3A-47BD-8E1E-4D439FEBE76D}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{219DB089-D827-4C65-9A15-1C86053AEDE5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{21AC4FE9-076F-4558-8374-ED4C7A8A158E}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | "{25A547BA-99D5-4963-8937-D8D1A3A5AB75}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{56CEA54E-4BA2-42AE-80C3-0CCB5D0F8AB0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe | "{5EA0D9DA-E4F4-4A01-8A7C-2A430CAA1DBB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe | "{6365E6D3-4AAC-4776-BE1B-ECD6BB8A6DB8}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{68EDB13D-55FA-4FAD-BC20-11BDC8C44849}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{6F2D15E3-5642-42B2-9BD7-A1A0914E5F8D}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | "{716C83A0-25CC-425C-BA04-2A2D737D448C}" = dir=in | 
app=c:\program files\cyberlink\powercinema\powercinema.exe | "{71C7E107-E1CF-4265-B619-2DE95CD57826}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{721B0B3F-7746-4452-9A9E-CCB6F66AC7CC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{8B5A8E22-05AB-4DC0-AABF-DE647AF9C6A8}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{9798BBC5-E88C-465C-A38E-08B186510FC9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9813F34A-5025-447B-B7EE-3CDFD0974FE5}" = dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | "{9BBE6F3C-38AB-443B-9D6B-D662D12B456E}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dms\clmsservice.exe | "{A9E9F58C-5E3E-4A1A-BFF4-A7347FEC42A2}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{AD407AA1-7ABB-4615-827A-0B38E4766EA2}" = dir=in | app=c:\program files\cyberlink\powercinema\kernel\dmp\clbrowserengine.exe | "{B5A3D751-363D-4DBB-B401-EE420DAB0ECA}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{E7EF44B8-3A81-4DF2-BBAF-D2097C2F01AE}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "{F140A53D-01F0-4CC3-89C0-DED733A573E0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{F49030BC-7E6A-4771-9328-DB2E2F9F8F6C}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | "{FFF463A2-F558-40AE-A9AB-A59CE5B03199}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{2F343A53-4F11-40C9-B34F-FA084B1D0B74}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "TCP Query User{7CC2F55B-2B39-4C6F-997F-7EE3E9C145EC}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe | "TCP Query User{DCE2FB4E-F9E6-4637-8D2E-B1127B2931FD}C:\program files\bt broadband desktop 
help\btbb\bthelpbrowser.exe" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "TCP Query User{DEB03E3A-EF24-4208-B8A1-25BDCA49867D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{DEF038C6-43F8-4689-B85D-F1C3FB7C1836}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{2B0B04DC-3671-4EC4-BBDA-38C0EFDD3DE3}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | "UDP Query User{A56CE644-C614-4E8D-9BE9-C6F6BEDB10D4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{AC179E22-99A3-4121-8BBA-1B1AF801D1A4}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe | "UDP Query User{AD228BD7-82A8-4920-8D5E-4D1BBF4E747A}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe | "UDP Query User{E10CA6EE-A3E8-4150-B2B4-ACE5FBD870AC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2 "{062BFFA1-0CCC-400B-B840-F162328D8C00}" = winLAME prerelease4 "{10631C28-62E5-477C-9B40-40C5EA8219BE}" = Black & White
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:50:29, on 16/08/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal
  11. I've become infected with the SKYNET trojan. My AVG picked it up and the Resident Shield has blocked it, so I followed as many routes to clean it as I could find - Spybot, AVG Rootkit scanner etc. which seemed to pick it up and remove it, but it then re-appeared whenever I booted up (or did anything, to be honest). When I try to run MBAM the scans don't find anything, then stop running when scanning the system 32 files and the programme becomes (not responding). I've found and "Wiped" the .sys file using Root Repeal but I now get Windows messages saying that the various Skynet DLLs are not designed to run on Windows and that I should reinstall them (!) and my AVG is spooling round popping up that it's blocked the SKYNET .sys file that's in System 32 drivers every 30 seconds. Could anyone help me through getting rid of this nasty blighter? Thanks - I'm using MS Vista btw and would rate my technical ability as "novice".