Accountant's Computer

BryanO · July 5, 2010

Okay,so I've been asked to take a look at my cousin's computer.He is an accountant,so he's worried that if there is something on this computer,it could be used to gain his clients details.Anyway,so I followed the instructions on this board,and the logs are below.

DDS (Ver_10-03-17.01) - NTFSx86

Run by User1 at 17:25:17.53 on 05/07/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1057 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe

C:\Program Files\iolo\common\lib\ioloServiceManager.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG9\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Mouse Driver\MouseDrv.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\YouSendIt\Express\YouSendIt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\PROGRA~1\COMMON~1\Nokia\MPLATF~1\NOKIAM~1.EXE

C:\Documents and Settings\User1\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.alltheinternet.com/search.htm

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

mSearchAssistant = hxxp://www.alltheinternet.com/search.htm

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: Advanced Searchbar: {cdeec43d-3572-4e95-a2a5-f519d29f00c0} - c:\progra~1\advanc~1\ADVANC~1.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Advanced Searchbar: {57f02779-3d88-4958-8ad3-83c12d86adc7} - c:\program files\advancedsearchbar\advancedsearchbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [<NO NAME>]

uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [CreativeMouse ] c:\program files\mouse driver\MouseDrv.exe

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\user1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\client~1.lnk - c:\program files\buffalo\client manager3\cm3_tray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-gb\local\search.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {57F02779-3D88-4958-8AD3-83C12D86ADC7} - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - c:\program files\advancedsearchbar\advancedsearchbar.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238587244625

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user1\applic~1\mozilla\firefox\profiles\aphg9f63.default\

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-5 165456]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-25 216200]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-25 29584]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-25 242896]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-5 17744]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-5 40384]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-4 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-4 308064]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbguard.exe [2010-1-5 81920]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-6-10 704432]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-6-10 704432]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-5 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-5 40384]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_1\bin\fbserver.exe [2010-1-5 2723840]

R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\system32\drivers\U2KG54L.SYS [2006-8-24 477696]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-07-05 16:18:56 0 ----a-w- c:\documents and settings\user1\defogger_reenable

2010-07-05 12:33:52 38848 ----a-w- c:\windows\avastSS.scr

2010-07-05 12:33:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-07-05 11:21:36 0 d-----w- c:\docume~1\user1\applic~1\Malwarebytes

2010-07-05 11:21:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-05 11:21:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-05 11:21:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-05 11:21:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-06-23 15:05:54 0 d-----w- c:\docume~1\user1\applic~1\Greenpoint

2010-06-23 15:05:00 696320 ----a-w- c:\windows\system32\libeay32.dll

2010-06-23 15:05:00 25600 ----a-w- c:\windows\system32\borlndmm.dll

2010-06-23 15:05:00 155648 ----a-w- c:\windows\system32\ssleay32.dll

2010-06-22 07:58:26 629 ----a-w- c:\windows\system32\mapisvc.inf

2010-06-22 07:22:28 0 d-----w- c:\program files\iPod

2010-06-22 07:17:58 0 d-----w- c:\program files\Bonjour

2010-06-16 11:53:02 0 d-----w- c:\program files\Palace of Chance

2010-06-12 09:45:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-10 09:12:22 406 ----a-w- c:\windows\system32\ioloBootDefrag.cfg

2010-06-10 09:11:24 93096 ----a-w- c:\windows\system32\IncContxMenu.dll

2010-06-10 09:11:24 2316712 ----a-w- c:\windows\system32\Incinerator.dll

2010-06-10 09:11:20 30208 ----a-w- c:\windows\system32\iolobtdfg.exe

2010-06-10 09:11:20 12288 ----a-w- c:\windows\system32\smrgdf.exe

2010-06-10 09:11:19 0 d-----w- c:\program files\iolo

2010-06-10 09:10:31 74703 ----a-w- c:\windows\system32\mfc45.dll

2010-06-10 09:09:29 0 d-----w- c:\docume~1\user1\applic~1\iolo

2010-06-10 09:09:29 0 d-----w- c:\docume~1\alluse~1\applic~1\iolo

==================== Find3M ====================

2010-06-04 13:04:52 18499623 ----a-w- c:\docume~1\alluse~1\applic~1\vlc-1.0.5-win32.exe

2010-06-03 07:59:49 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-19 19:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-12 16:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-08 15:37:12 27800 ---ha-w- c:\windows\system32\mlfcache.dat

2010-01-26 11:31:49 1031 -csh--w- c:\windows\system\ws32ntfa.dat

2002-04-16 10:27:54 5 --sha-w- c:\windows\system32\CdI5T.drv

1998-03-20 01:00:00 1048 -csha-w- c:\windows\system32\flfnlf.sys

1998-03-20 01:00:00 1048 -csha-w- c:\windows\system32\rlfnlf.sys

1998-03-20 01:00:00 1048 -csha-w- c:\windows\system32\TMail3FL.SYS

1998-03-20 01:00:00 1048 -csha-w- c:\windows\system32\TMailRL.sys

============= FINISH: 17:26:22.21 ===============

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4277

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

05/07/2010 17:16:52

mbam-log-2010-07-05 (17-16-52).txt

Scan type: Full scan (C:\|)

Objects scanned: 218646

Time elapsed: 1 hour(s), 34 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The Malwayre log before this found roughly eighteen infected items,one of which was called 'Stolen.Data'.So you can see why he's worrying.

I tried running the GMER Rootkit scanner,but any time I did,it would run for a few minutes,and then I'd turn around to find there was a lovely big blue screen of death staring back at me.Both times,it said it was for different reasons,but when Windows recovered,it said it was due to a driver failure.I feel slightly out of my depth at this point.I'd really appreciate any and all help people could offer me.

Attach.zip

AdvancedSetup · July 8, 2010

STEP 01

The logs show that you have 2 Anti-Virus products installed and running. You can only have one installed as they will conflict with each other.

Please choose one of them and FULLY remove the other one BEFORE we continue on here.

avast! Free Antivirus

AVG Free 9.0

STEP 02

We can get to this later but as you can see you have a bit too many Toolbars. Personally I don't care for any of them but that's up to you if you want them or not.

Advanced Searchbar

AOL Toolbar 5.0

Google Toolbar for Internet Explorer

Yahoo! Search Protection

Yahoo! Toolbar

STEP 03

This browser was proably installed as part of another software plugin install. If not used it should be uninstalled but that can wait until we're done here.

Safari

*************************************************

Complete STEP 1 first and then do the following.

*************************************************

STEP 04

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from below:
Combofix download
* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
The Recovery Console was successfully installed.

Click on Yes, to continue scanning for malware.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------

BryanO · July 8, 2010

Okay,I uninstalled half the stuff on here.It's not my computer,so I didn't know what was on here,and what wasn't.I tried uninstalling AVG,but every time I did,it came up with an error.This worried me slightly.Anyway,the combofix log is below.

ComboFix 10-07-07.02 - User1 08/07/2010 12:16:32.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1295 [GMT 1:00]

Running from: c:\documents and settings\User1\My Documents\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\vlc-0.9.9-win32.exe

c:\documents and settings\All Users\Application Data\vlc-1.0.5-win32.exe

c:\windows\system32\Temp

c:\windows\system32\Temp\aawfhriejlcmbvbhxjui.list

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SVCHOST

((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))

.

2010-07-05 17:55 . 2010-07-05 17:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2010-07-05 12:33 . 2010-07-05 12:33 -------- d-----w- c:\program files\Alwil Software

2010-07-05 12:33 . 2010-07-05 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-07-05 11:21 . 2010-07-05 11:21 -------- d-----w- c:\documents and settings\User1\Application Data\Malwarebytes

2010-07-05 11:21 . 2010-07-05 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-05 11:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-05 11:21 . 2010-07-05 11:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-05 11:21 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-06-23 15:05 . 2010-06-23 15:05 -------- d-----w- c:\documents and settings\User1\Application Data\Greenpoint

2010-06-23 15:05 . 2003-11-02 09:18 155648 ----a-w- c:\windows\system32\ssleay32.dll

2010-06-23 15:05 . 2003-11-02 09:18 696320 ----a-w- c:\windows\system32\libeay32.dll

2010-06-23 15:05 . 2002-07-25 17:54 25600 ----a-w- c:\windows\system32\borlndmm.dll

2010-06-22 07:22 . 2010-06-22 07:22 -------- d-----w- c:\program files\iPod

2010-06-22 07:17 . 2010-06-22 07:17 -------- d-----w- c:\program files\Bonjour

2010-06-16 11:53 . 2010-07-05 14:41 -------- d-----w- c:\program files\Palace of Chance

2010-06-12 09:45 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-10 09:11 . 2010-06-10 09:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo

2010-06-10 09:11 . 2010-04-21 13:46 93096 ----a-w- c:\windows\system32\IncContxMenu.dll

2010-06-10 09:11 . 2010-04-21 13:46 2316712 ----a-w- c:\windows\system32\Incinerator.dll

2010-06-10 09:11 . 2010-01-28 17:13 30208 ----a-w- c:\windows\system32\iolobtdfg.exe

2010-06-10 09:11 . 2010-01-28 17:13 12288 ----a-w- c:\windows\system32\smrgdf.exe

2010-06-10 09:11 . 2010-06-10 09:11 -------- d-----w- c:\program files\iolo

2010-06-10 09:10 . 2010-06-10 09:10 74703 ----a-w- c:\windows\system32\mfc45.dll

2010-06-10 09:09 . 2010-06-10 09:17 -------- d-----w- c:\documents and settings\User1\Application Data\iolo

2010-06-10 09:09 . 2010-06-10 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-08 11:04 . 2009-11-04 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-07-08 10:24 . 2009-02-26 09:07 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!

2010-07-08 10:23 . 2009-02-26 09:06 -------- d-----w- c:\program files\Yahoo!

2010-07-08 09:10 . 2009-02-24 17:52 1 ----a-w- c:\documents and settings\User1\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-07-05 15:37 . 2009-09-30 07:42 0 -c--a-w- c:\documents and settings\User1\Local Settings\Application Data\prvlcl.dat

2010-07-05 14:41 . 2010-05-24 15:30 -------- d-----w- c:\program files\Cool Cat Casino

2010-06-24 07:54 . 2009-03-16 09:06 33600 -c--a-w- c:\documents and settings\User1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-06-23 15:04 . 2009-02-26 15:35 -------- d-----w- c:\program files\Intuit

2010-06-23 07:15 . 2010-05-25 06:07 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb3.tmp.exe

2010-06-22 19:52 . 2010-02-15 14:13 69214784 ----a-w- c:\documents and settings\User1\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe

2010-06-22 07:23 . 2010-05-07 07:22 -------- d-----w- c:\program files\iTunes

2010-06-22 07:22 . 2010-01-18 21:31 -------- d-----w- c:\program files\Common Files\Apple

2010-06-22 07:16 . 2010-06-22 07:16 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-22 07:16 . 2010-02-02 09:58 -------- d-----w- c:\program files\Safari

2010-06-22 07:13 . 2010-06-22 07:13 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe

2010-06-18 16:46 . 2010-06-18 16:46 581904 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelbonus.f133a53ea3279bce1fc3bc7aa9ad6839.dll

2010-06-18 16:42 . 2010-06-18 16:42 1572864 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_hellboy.cde3facca4e62dd1980118b9f69c127f.dll

2010-06-18 16:42 . 2010-06-18 16:42 1572864 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_gao_jan_2010.27798ac5c513c88d4f74b2fc87b9bf6e.dll

2010-06-18 16:41 . 2010-06-18 16:41 626688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_hellboy.ef7dfe9e02564671f52a95d839e51b8d.dll

2010-06-18 16:40 . 2010-06-18 16:40 1064960 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_hellboy.0200f4406079039e4f9f4fd4269c6144.dll

2010-06-18 16:40 . 2010-06-18 16:40 684032 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_hellboy.2389dbbb7a92af30b5bb4e62701f18a5.dll

2010-06-18 16:40 . 2010-06-18 16:40 626688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_gao_jan_2010.114da6697b16a4308920de3f00df9d11.dll

2010-06-18 16:40 . 2010-06-18 16:40 684032 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_gao_jan_2010.6ce545b01335b0127c2a55cc392a24e6.dll

2010-06-18 16:39 . 2010-06-18 16:39 1064960 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_gao_jan_2010.d3c0a2c195757b5887793e496479436f.dll

2010-06-18 16:38 . 2010-06-18 16:38 925696 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_gao_jan_2010.734d2ae11536c3d1a34ecdb91aaab798.dll

2010-06-18 16:37 . 2010-06-18 16:37 925696 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_hellboy.ee1c177b2b367dc15184591e57db5798.dll

2010-06-18 16:34 . 2010-06-18 16:34 536576 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjgoldplugin.a5e08942278dbb53df46a8a9523a445b.dll

2010-06-18 16:34 . 2010-06-18 16:34 512000 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mhbjgoldxxx.e2caa9292f5de8579a9ad479e877ced8.dll

2010-06-18 16:34 . 2010-06-18 16:34 192512 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjghighstreakxxx.9edf63783590e61148711da2563c8d47.dll

2010-06-18 16:34 . 2010-06-18 16:34 602112 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldplugin.f7a40649bbd758b8f99cf67e1769d71c.dll

2010-06-18 16:34 . 2010-06-18 16:34 512000 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bjgoldxxx.e2caa9292f5de8579a9ad479e877ced8.dll

2010-06-18 16:28 . 2010-06-18 16:28 942080 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\f\flightzonebonus.bb993454d3170414b7655081a3ec7db9.dll

2010-06-10 09:17 . 2010-06-10 09:17 1531 ----a-w- c:\documents and settings\User1\Application Data\iolo\restore.bat

2010-06-04 09:15 . 2010-06-04 09:15 708608 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_gao_mar_2010.00e558dbf98f160d236f0e738de93c37.dll

2010-06-04 09:15 . 2010-06-04 09:15 1650688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_gao_mar_2010.011b7c042032e11252156706d78b5e83.dll

2010-06-04 09:15 . 2010-06-04 09:15 950272 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_gao_mar_2010.e5e91d49a18e4440b5a76ddd6446140c.dll

2010-06-04 09:15 . 2010-06-04 09:15 1224704 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_gao_mar_2010.05a7fd71980574f91eb4c1420f71b1f7.dll

2010-06-04 09:13 . 2010-06-04 09:13 106496 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\aurora.1a2291430fa932849077b65b849668f7.dll

2010-06-04 09:12 . 2010-06-04 09:12 684032 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\arcticfortunetransition.cdb6c11f100d3a3cb0c0550c21b277e4.dll

2010-06-04 09:12 . 2010-06-04 09:12 1568768 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\arcticfortune.b328b57943682e2d7fd4847916ff9b2b.dll

2010-06-04 09:11 . 2010-06-04 09:11 1232896 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\arcticfortune_gspider.770d41ad6c8d6246716f0968e4501795.dll

2010-06-04 09:11 . 2010-06-04 09:11 1236992 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\arcticfortune_spiderbonus.c6f7df06987955caf77bb513ebf7e5b5.dll

2010-06-04 09:10 . 2010-06-04 09:10 1064960 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\arcticfortunexxx.88b69b79191872d92329d1cfa9817586.dll

2010-06-04 09:09 . 2010-06-04 09:09 1224704 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\arcticfortune_crankbonus.79fd1aae910e128f743d90232d089b3b.dll

2010-06-04 09:08 . 2010-06-04 09:08 246032 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\p\powerpokersuite1_nl.4b954e6e9e7bfe3947a12889040c706e.dll

2010-06-04 09:08 . 2010-06-04 09:08 225552 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\videopokersuite1.e45a40be28c5bc5514b9e806f30cdc6f.dll

2010-06-04 09:08 . 2010-06-04 09:08 307300 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjackplugin.0b33c40e992b0cec60ff557d251457d2.dll

2010-06-04 09:08 . 2010-06-04 09:08 335976 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvtabletournamentlobby.fc620794b1b18938b640573c722b3922.dll

2010-06-04 09:08 . 2010-06-04 09:08 311398 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjacktourxxx.96f2985eb296e0eeb1592aacd45d6e4c.dll

2010-06-04 09:07 . 2010-06-04 09:07 94208 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\lua51host.668670e33723f8f8763a1e128bf0ba1b.dll

2010-06-03 07:59 . 2009-02-25 16:37 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 07:59 . 2009-02-25 16:37 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-24 09:43 . 2010-05-24 09:43 503808 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23c889db-n\msvcp71.dll

2010-05-24 09:43 . 2010-05-24 09:43 499712 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23c889db-n\jmc.dll

2010-05-24 09:43 . 2010-05-24 09:43 348160 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-23c889db-n\msvcr71.dll

2010-05-24 09:43 . 2010-05-24 09:43 61440 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cc3afb0-n\decora-sse.dll

2010-05-24 09:43 . 2010-05-24 09:43 12800 ----a-w- c:\documents and settings\User1\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6cc3afb0-n\decora-d3d.dll

2010-05-19 11:16 . 2010-05-19 08:54 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-05-19 11:14 . 2010-05-19 08:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll

2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe

2010-05-13 13:48 . 2009-02-24 17:24 -------- d-----w- c:\program files\Java

2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-04-26 16:06 . 2010-06-10 09:10 19552856 ----a-w- c:\documents and settings\User1\Application Data\iolo\Installers\SystemMechanic.exe

2010-04-20 05:30 . 2008-04-14 04:39 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-19 19:47 . 2010-01-18 21:32 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll

2010-04-19 19:47 . 2010-01-18 21:32 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2010-04-15 09:47 . 2010-04-15 09:47 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-04-14 07:10 . 2010-04-14 07:10 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-04-12 16:29 . 2010-05-13 13:49 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-01-26 11:31 . 1602-07-12 21:55 1031 -csh--w- c:\windows\system\ws32ntfa.dat

2002-04-16 10:27 . 2002-04-16 10:27 5 --sha-w- c:\windows\system32\CdI5T.drv

1998-03-20 01:00 . 1998-03-20 01:00 1048 -csha-w- c:\windows\system32\flfnlf.sys

1998-03-20 01:00 . 1998-03-20 01:00 1048 -csha-w- c:\windows\system32\rlfnlf.sys

1998-03-20 01:00 . 1998-03-20 01:00 1048 -csha-w- c:\windows\system32\TMail3FL.SYS

1998-03-20 01:00 . 1998-03-20 01:00 1048 -csha-w- c:\windows\system32\TMailRL.sys

.

------- Sigcheck -------

[-] 2008-08-14 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-10-16 12:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-25 39408]

"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2008-12-03 81920]

"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]

"CreativeMouse "="c:\program files\Mouse Driver\MouseDrv.exe" [2004-06-27 503808]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\User1\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-9-19 581693]

ClientManager3.lnk - c:\program files\BUFFALO\Client Manager3\cm3_tray.exe [2009-2-25 471040]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-12 967960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-12 09:32 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [25/02/2009 17:37 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [25/02/2009 17:37 242896]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [04/11/2009 13:44 916760]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [04/11/2009 13:44 308064]

R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [05/01/2010 22:56 81920]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/06/2010 10:11 704432]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [10/06/2010 10:11 704432]

R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [05/01/2010 22:56 2723840]

R3 U2KG54L;BUFFALO WLI-U2-KG54L Wireless LAN Driver;c:\windows\system32\drivers\U2KG54L.SYS [24/08/2006 05:44 477696]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [01/02/2010 20:27 135664]

.

Contents of the 'Scheduled Tasks' folder

2010-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:27]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 19:27]

2010-01-16 c:\windows\Tasks\videopadSevenDaysInit.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2010-01-12 11:41]

2010-01-19 c:\windows\Tasks\videopadShakeIcon.job

- c:\program files\NCH Software\VideoPad\videopad.exe [2010-01-12 11:41]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.mytalktalk.co.uk/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\aphg9f63.default\

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)

AddRemove-Cool Cat Casino - c:\program files\Cool Cat Casino\Install.exe

AddRemove-Palace of Chance - c:\program files\Palace of Chance\Install.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-08 12:23

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(844)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(400)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\iolo\System Mechanic\SMTrayNotify.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

c:\progra~1\COMMON~1\Nokia\MPLATF~1\NOKIAM~1.EXE

.

**************************************************************************

.

Completion time: 2010-07-08 12:32:47 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-08 11:32

Pre-Run: 47,283,953,664 bytes free

Post-Run: 47,328,313,344 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6007AF931AD661F16374FF1887EB0950

Sorry if you wanted it as an attachment,I wasn't sure which to do

AdvancedSetup · July 9, 2010

No a direct post is fine.

Do you have the Windows XP Pro CD or can you borrow one? This file appears to be infected and needs to be replaced.

c:\windows\system32\sfcfiles.dll

BryanO · July 9, 2010

I'm not sure if I have one,but I think I should be able to get a copy over the weekend.

BryanO · July 11, 2010

Okay,turns out I don't have one,and I can't borrrow one,because the person I thought might have one doesn't have one.Is there any thing I can do?

AdvancedSetup · July 11, 2010

First try to rename it from c:\windows\system32\sfcfiles.dll to c:\windows\system32\sfcfiles.old

Then wait a few minutes and see if the file is replaced automatically by the system. If not then see if you can copy that file from another computer of the same XP Pro as you have.

If it will let you copy it directly via USB or CD then reboot and run Combofix again and post back that log.

BryanO · July 13, 2010

First try to rename it from c:\windows\system32\sfcfiles.dll to c:\windows\system32\sfcfiles.old
Then wait a few minutes and see if the file is replaced automatically by the system. If not then see if you can copy that file from another computer of the same XP Pro as you have.
If it will let you copy it directly via USB or CD then reboot and run Combofix again and post back that log.

Sorry for taking so long to reply.I can't get access to the computer right now,because it is a a holiday week over here,so he's away at the moment.I'll try this as soon as I can.Thank you for helping me.Are you able to tell if there was something that would give out his information,and that of his clients,or just that it has been infected by something?

AdvancedSetup · July 13, 2010

At this point its difficult to tell as you've run other tools and AV. However one should always consider making sure passwords to any sensitive information are periodically changed and from a clean computer as a best practice.

BryanO · July 19, 2010

Right,I'm finally able to get into the offices now,so all's good.I'm going to tell him what you've said about changing passwords,although he may have been anyway,I don't know.I managed to do what you said,and ran combofix,so here goes.

ComboFix 10-07-18.03 - User1 19/07/2010 14:49:43.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1293 [GMT 1:00]

Running from: c:\documents and settings\User1\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2010-06-19 to 2010-07-19 )))))))))))))))))))))))))))))))

.

2010-07-19 13:31 . 2008-08-14 19:02 1614848 ----a-w- c:\windows\system32\sfcfiles.dll

2010-07-15 15:22 . 2010-07-15 15:22 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-07-15 15:22 . 2010-07-15 15:22 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys

2010-07-15 15:22 . 2010-07-15 15:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 15:21 . 2010-07-15 15:21 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-07-15 15:21 . 2010-07-15 15:21 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-07-15 15:21 . 2010-07-15 15:21 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-07-15 15:21 . 2010-07-15 15:21 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-07-08 12:06 . 2010-07-08 12:07 -------- d-----w- c:\program files\WinAce