
Trojan warnings all the time

Discussion in 'Windows - Virus and spyware problems' started by aussiejoe, Jan 19, 2013.

  1. aussiejoe

    aussiejoe Member

    Joined:
    Jun 15, 2006
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    16
    I am getting a lot of trojan warnings from AVG about my Acrobat Reader.
    I don't know what's going on with it, whether they are false positives or what.

    Here is my HJT log


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:25:57 AM, on 1/20/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Ginger\GingerUpdateService\GingerUpdateService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    C:\WINDOWS\system32\dmwu.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Ginger\GingerServices\GingerServices.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GGK5U9RA\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Ginger Grammar & Spell Checker - {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} - C:\Program Files\Ginger\GingerIEAddin\adxloader.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} - mscoree.dll (file missing)
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe] C:\ProgramData\Adobe\1DCF6E7.vbe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-EITM6.exe" /REG /REGSVRMODE
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [MTool] C:\Documents and Settings\Administrator\Local Settings\Temp\mxtemp.exe
    O4 - Global Startup: Ginger.lnk = ?
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.vizzed.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254679639531
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343888131406
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GingerUpdateService - Ginger Software - C:\Program Files\Ginger\GingerUpdateService\GingerUpdateService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: metasploitPostgreSQL - Unknown owner - C:/METASP~1/POSTGR~1/bin/pg_ctl.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 14232 bytes
     
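A small triage script for a log like the one above, added here as an example; it is not code from the thread, from HijackThis, or from the helpers. It parses the O4 (autorun), O15 (trusted zone) and O23 (service) lines in the format HijackThis 2.0.4 prints and ranks them by a few heuristics: script extensions in autoruns, files launched from a temp directory, a C:\ProgramData path on a Windows XP machine (that folder is a Vista-and-later default, so on XP something created it), bare hex-string filenames, and "(file missing)" stubs. The heuristics, weights and flag names are this example's own assumptions; the sample lines are copied from the log in the post above.

```python
"""Triage of the O4/O15/O23 lines of a HijackThis 2.0.4 log.

Added example, not code from the thread. The heuristics and weights are
this example's own assumptions, not rules from HijackThis or the helpers.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: platform line plus lines copied verbatim from the log above.
SAMPLE_LOG = r"""
Platform: Windows XP SP3 (WinNT 5.01.2600)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe] C:\ProgramData\Adobe\1DCF6E7.vbe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MTool] C:\Documents and Settings\Administrator\Local Settings\Temp\mxtemp.exe
O4 - Global Startup: Ginger.lnk = ?
O15 - Trusted Zone: www.vizzed.com
O23 - Service: metasploitPostgreSQL - Unknown owner - C:/METASP~1/POSTGR~1/bin/pg_ctl.exe (file missing)
"""

WEIGHTS = {  # arbitrary; they only order the output
    "script-extension": 3,   # .vbe/.vbs/.js/... launched at logon
    "user-temp-path": 3,     # autorun living in a temp directory
    "programdata-on-xp": 2,  # C:\ProgramData is a Vista+ folder; on XP something created it
    "hex-name": 2,           # file stem is a bare hex string
    "file-missing": 1,       # dangling entry, usually a leftover, still worth cleaning
    "trusted-zone": 1,       # site exempt from IE zone restrictions
    "unresolved-target": 1,  # HJT printed "?" for the shortcut target
}
O4_REG = re.compile(r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\[A-Za-z]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>[^=]+?) = (?P<cmd>.*)$")
O15 = re.compile(r"^O15 - Trusted Zone: (?P<host>\S+)$")
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
BIN_EXT = re.compile(r"^(.*?\.(?:exe|dll|vbe|vbs|js|wsf|bat|cmd|scr|pif|com))(?:\s|$)", re.I)
SCRIPT_EXT = (".vbe", ".vbs", ".js", ".wsf", ".bat", ".cmd", ".scr", ".pif")


@dataclass
class Entry:
    kind: str      # "O4", "O15" or "O23"
    location: str  # registry key, startup folder, or service owner
    name: str
    path: str      # launched file with quoting and arguments stripped
    raw: str
    flags: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[f] for f in self.flags)


def extract_path(cmd: str) -> str:
    """Quoted paths end at the closing quote; unquoted ones with spaces
    (normal on XP) are cut at the first binary/script extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = BIN_EXT.match(cmd)
    return m.group(1) if m else (cmd.split()[0] if cmd else "")


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if m := O4_REG.match(line) or O4_STARTUP.match(line):
        return Entry("O4", m["loc"], m["name"], extract_path(m["cmd"]), line)
    if m := O15.match(line):
        return Entry("O15", "Trusted Zone", m["host"], "", line)
    if m := O23.match(line):
        return Entry("O23", m["owner"], m["name"], extract_path(m["cmd"]), line)
    return None


def flag_entry(e: Entry, platform_xp: bool) -> None:
    low = e.path.lower()
    if e.kind == "O4":
        if low.endswith(SCRIPT_EXT):
            e.flags.append("script-extension")
        if "\\temp\\" in low or "\\temporary internet files\\" in low:
            e.flags.append("user-temp-path")
        if platform_xp and low.startswith("c:\\programdata\\"):
            e.flags.append("programdata-on-xp")
        stem = re.split(r"[\\/]", low)[-1].rsplit(".", 1)[0]
        if re.fullmatch(r"[0-9a-f]{6,}", stem):
            e.flags.append("hex-name")
        if e.path == "?":
            e.flags.append("unresolved-target")
    if e.kind == "O15":
        e.flags.append("trusted-zone")
    if "(file missing)" in e.raw:
        e.flags.append("file-missing")


def triage(log_text: str) -> list:
    """Parse a whole HJT log; return flagged entries, highest score first."""
    platform_xp = "Platform: Windows XP" in log_text
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    for e in entries:
        flag_entry(e, platform_xp)
    return sorted((e for e in entries if e.flags), key=lambda e: -e.score)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score:2d} {e.kind:<3} {e.name:<22} {', '.join(e.flags):<36} {e.path}")
```

Run as a script it prints the ranked list; note that it never declares anything malicious, it only orders what a person should look at first (an autorun pointing at a .vbe under ProgramData, and one running from the user's Temp folder, come out on top of this sample), which is the job a reader of an HJT log has to do by eye otherwise.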
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,690
    Likes Received:
    35
    Trophy Points:
    78
    Hi aussiejoe,

    Your HJT log shows some leftovers that are not the problem, so let's run a "Big Gun" and see if we can clean you up.

    Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to ->Here for your reference.


    1. Download Combo fix from one of these locations.
    * IMPORTANT !!! Place combofix.exe on your Desktop

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    2. Click Start > Run, copy and paste this in exactly (using the picture below for reference), then click OK.
    Code:
    "%userprofile%\desktop\combofix.exe" /killall 


    [screenshot of the Run dialog, not reproduced]


    3. ComboFix will begin to run. DO NOTHING while this is happening.
    • It will kill a few processes and disconnect you from the internet.
    • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
    • This needs to be done so the program can work most efficiently for you.
    Do not attempt to use the internet or anything else while it's doing its job for you.

    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

    If, when it's completed, you cannot get on the internet, just reboot the computer.

    Post the log from comboFix for me located in
    c:\comboFix.txt


    Just here to help,
    2oG
     
  3. aussiejoe

    aussiejoe Member

    Joined:
    Jun 15, 2006
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    16
    I've followed all of the above, and it's doing some process to restart and has stopped at the "Windows is shutting down" screen, but it's been doing this for an hour now. At what point do I manually restart it, or do I go out and let it run its course?
     
  4. JST1946

    JST1946 Regular member

    Joined:
    Jul 15, 2011
    Messages:
    901
    Likes Received:
    2
    Trophy Points:
    26
  5. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    4,031
    Likes Received:
    42
    Trophy Points:
    78
    @aussie keep following 2old's advice; you can use jst's one-tool-fixes-all as a last resort before you need to reinstall Windows..lmao

    ps: good to see you're still alive & kickin', 2old
     
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,690
    Likes Received:
    35
    Trophy Points:
    78
    Sorry, I've been gone for a long time today trying to fix a stove for my 97-year-old father-in-law..
    See, there are people older than I am!

    @aussiejoe just turn it off and back on and let it boot. I found a few things in the HJT list that may be stopping ComboFix.

    Let me know if you get it booted back up and I'll send you a fix that may take us out of this perdickerment......

    2oG
     
  7. aussiejoe

    aussiejoe Member

    Joined:
    Jun 15, 2006
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    16
    Here is my report log:



    ComboFix 13-01-17.04 - Administrator 01/20/2013 9:08.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2385 [GMT 10:00]
    Running from: c:\documents and settings\Administrator\desktop\combofix.exe
    Command switches used :: /killall
    AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\Google Talk
    c:\documents and settings\All Users\Application Data\TEMP
    C:\Documents
    C:\Install.exe
    C:\Thumbs.db
    c:\windows\isRS-000.tmp
    c:\windows\system32\AegisI5Installer.exe
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\VM305Cap.exe
    .
    c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-19 19:58 . 2013-01-19 19:58 -------- d-----w- c:\program files\Paltalk Messenger
    2013-01-19 09:39 . 2013-01-19 09:39 -------- d-----w- c:\documents and settings\Administrator\AppData
    2013-01-19 09:39 . 2013-01-19 09:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Acapela Group
    2013-01-05 12:25 . 2013-01-05 12:28 -------- d-----w- c:\program files\GoforFiles
    2013-01-05 12:25 . 2013-01-05 12:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\GoforFiles
    2013-01-05 11:42 . 2013-01-05 11:42 -------- d-----w- c:\program files\Digiarty
    2013-01-05 04:41 . 2013-01-05 04:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\GARMIN
    2013-01-05 04:41 . 2013-01-05 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
    2013-01-05 04:41 . 2013-01-05 04:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GARMIN_Corp
    2013-01-05 04:33 . 2013-01-05 04:33 -------- d-----w- c:\program files\DIFX
    2013-01-05 04:33 . 2013-01-05 04:33 -------- d-----w- c:\program files\Garmin
    2013-01-03 11:43 . 2006-07-12 04:39 208896 ----a-w- c:\windows\system32\FFRafShellEx.dll
    2013-01-03 11:43 . 2003-09-03 06:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
    2013-01-03 11:43 . 2004-07-24 11:28 155648 ----a-w- c:\windows\system32\FFRAFLIB.DLL
    2013-01-03 11:43 . 2013-01-03 11:53 -------- d-----w- c:\program files\FinePixViewer
    2012-12-27 02:50 . 2012-12-27 02:50 -------- d-----w- c:\program files\WinPcap
    2012-12-27 02:45 . 2012-12-27 02:58 -------- d-----w- C:\metasploit
    2012-12-26 06:58 . 2012-12-26 06:58 -------- d-----w- C:\2e69db5f1834fed4a20429c7103cc9
    2012-12-26 05:57 . 2012-12-26 05:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2012-12-25 23:09 . 2012-12-26 05:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
    2012-12-25 12:25 . 2012-12-25 12:25 457 ----a-w- C:\user.js
    2012-12-25 12:25 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
    2012-12-25 12:25 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
    2012-12-25 12:25 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
    2012-12-25 12:25 . 2012-12-25 21:55 -------- d-----w- c:\windows\system32\WNLT
    2012-12-25 12:25 . 2012-12-25 12:25 -------- d-----w- c:\windows\system32\ARFC
    2012-12-25 12:25 . 2012-10-02 15:18 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
    2012-12-25 12:24 . 2012-12-25 12:24 -------- d-----w- c:\program files\IB Updater
    2012-12-24 22:21 . 2012-12-26 08:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ubisoft Game Launcher
    2012-12-24 14:27 . 2012-12-24 14:27 -------- d-----w- C:\ProgramData
    2012-12-24 14:27 . 2012-12-25 04:38 -------- d-----w- C:\Temp
    2012-12-21 07:44 . 2012-12-21 07:44 2250024 ----a-w- c:\windows\system32\pbsvc.exe
    2012-12-21 07:41 . 2012-12-26 06:34 -------- d-----w- c:\program files\Ubisoft
    2012-12-21 07:20 . 2012-12-21 07:20 -------- d-----w- c:\program files\RealNetworks
    2012-12-21 07:20 . 2012-12-21 07:20 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks
    2012-12-21 07:20 . 2012-12-21 07:20 -------- d-----w- c:\program files\Common Files\xing shared
    2012-12-21 07:19 . 2012-12-21 07:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 19:45 . 2012-04-10 18:53 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-17 19:45 . 2011-08-13 04:04 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-11 10:19 . 2011-08-14 02:43 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2013-01-11 10:19 . 2011-08-14 02:49 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2013-01-11 10:19 . 2011-08-14 02:43 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
    2013-01-10 10:32 . 2011-08-14 02:43 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-12-26 06:59 . 2011-08-14 02:42 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2012-12-21 07:45 . 2011-09-23 04:52 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
    2012-12-21 07:19 . 2009-10-04 16:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 06:49 . 2012-10-14 12:02 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-18 04:40 . 2012-11-18 04:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-11-18 03:55 . 2012-11-18 03:45 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2012-11-13 01:25 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-08 01:29 . 2012-11-08 01:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
    2012-11-06 02:01 . 2008-04-14 12:00 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-10-24 17:12 . 2012-10-24 17:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-24 17:12 . 2012-10-24 17:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-10-11 01:06 . 2012-10-13 06:11 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d6a4}]
    2010-03-18 17:09 297808 ----a-w- c:\windows\system32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-02-28 21:04 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-07 4763008]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-14 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2011-10-19 2042208]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 98304]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-24 421888]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-21 295072]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-24 2330624]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-10-04 20:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
    backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe]
    2012-10-02 14:12 7147 ---ha-w- c:\programdata\Adobe\1DCF6E7.vbe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-10-11 11:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
    2007-04-09 23:46 57344 ----a-w- c:\windows\vm305_sti.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2012-11-06 10:46 3673728 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
    2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
    2011-12-20 03:32 634880 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-02-28 21:03 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-02-29 01:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-07 09:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2008-02-26 21:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-02-19 00:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-03-25 21:33 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2008-05-23 21:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2008-02-28 21:04 2049320 ----a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-08-13 21:25 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\USArmy\\America's Army 2\\System\\ArmyOps.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Nexon\\Combat Arms\\Engine.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HTC\\HTC Sync 3.0\\adb.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Origin\\Origin.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\File Type Assistant\\tsassist.exe"=
    "c:\\Documents and Settings\\Administrator\\Desktop\\tor\\Tor Browser\\Start Tor Browser.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Documents and Settings\\Administrator\\Desktop\\tor\\Tor Browser\\App\\tor.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\Uplay.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58961:TCP"= 58961:TCP:pando Media Booster
    "58961:UDP"= 58961:UDP:pando Media Booster
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/5/2009 6:43 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/5/2009 6:43 AM 108552]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/18/2012 1:45 PM 242240]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 2:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 7:55 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 9:57 AM 116608]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [10/5/2009 6:42 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/5/2009 6:42 AM 297752]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/10/2007 6:13 AM 38144]
    R2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [12/25/2012 10:24 PM 188760]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [9/24/2011 11:37 AM 641832]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2/29/2008 7:04 AM 53032]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/12/2011 7:23 AM 35088]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 12:06 PM 88576]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 8:31 PM 38608]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [7/27/2012 5:09 AM 30576]
    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [8/1/2009 8:12 AM 341504]
    S0 cerc6;cerc6; [x]
    S2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/METASP~1/POSTGR~1/data" --> C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/26/2012 6:37 PM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/20/2012 4:56 PM 18432]
    S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [8/13/2011 3:32 PM 391688]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-10 19:02 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:45]
    .
    2013-01-20 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-11-24 08:40]
    .
    2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 05:21]
    .
    2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 05:21]
    .
    2013-01-20 c:\windows\Tasks\ProgramUpdateCheck.job
    - c:\program files\File Type Assistant\tsassist.exe [2011-08-16 04:22]
    .
    2013-01-20 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-1214440339-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 05:30]
    .
    2013-01-20 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-1214440339-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 05:30]
    .
    2013-01-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1214440339-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 05:30]
    .
    2013-01-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1214440339-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 05:30]
    .
    2012-07-13 c:\windows\Tasks\Vuze.job
    - c:\progra~1\Vuze\Azureus.exe [2011-10-10 05:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:tabs
    uInternet Settings,ProxyOverride = *.local
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    Trusted Zone: vizzed.com\www
    TCP: DhcpNameServer = 10.1.1.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\JonDoFox\
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb205?a=6OyYg3ZnWO&i=26
    FF - prefs.js: keyword.enabled - false
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb205/?loc=IB_DS&a=6OyYg3ZnWO&&i=26&search=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 4001
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 4001
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 4001
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 4001
    FF - prefs.js: network.proxy.type - 1
    FF - ExtSQL: 2012-12-21 17:20; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - ExtSQL: 2012-12-25 13:18; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyYg3ZnWO&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 2c37ac2400000000000000223fef8b7d
    FF - user.js: extensions.incredibar_i.instlDay - 15699
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:25
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6OyYg3ZnWO
    FF - user.js: extensions.incredibar_i.upn2n - 92262682184656610
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 0000034803
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM-Run-hpqSRMon - (no file)
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-googletalk - c:\documents and settings\Administrator\Application Data\Google Talk\googletalk.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    AddRemove-Far Cry 3 Deluxe Edition 1.0.1 - c:\program files\Far Cry 3 Deluxe Edition\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-20 12:30
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\metasploitPostgreSQL]
    "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\metasploitPostgreSQL]
    "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-329068152-1214440339-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,21,14,a1,0b,4a,15,4d,8b,f4,75,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,21,14,a1,0b,4a,15,4d,8b,f4,75,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,21,14,a1,0b,4a,15,4d,8b,f4,75,\
    .
    [HKEY_USERS\S-1-5-21-329068152-1214440339-1177238915-500\Software\SecuROM\License information*]
    "datasecu"=hex:28,b9,30,70,1e,ed,79,b5,b6,57,c4,63,72,24,bf,4f,8e,17,d5,c0,3e,
    b8,2b,91,2a,b7,e0,a7,1c,e9,ea,7c,c5,42,9d,cc,14,1e,61,9d,79,a9,ac,f7,d1,29,\
    "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\0a\01\0a\03\17%?"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(852)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(3428)
    c:\windows\system32\WININET.dll
    c:\program files\Nero\Nero8\InCD\NBHShx.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\Nero\Nero8\InCD\NBHStr.dll
    c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Nero\Nero8\InCD\InCDsrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\IoctlSvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-20 12:34:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-20 02:34
    .
    Pre-Run: 23,799,701,504 bytes free
    Post-Run: 24,204,484,608 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 435BFE187631E514B7528C57407BA36A
     
  8. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,091
    Likes Received:
    84
    Trophy Points:
    128
    Probably false positives, as it appears you are using AVG Free version 8, which is 5 yrs old.
     
  9. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,690
    Likes Received:
    35
    Trophy Points:
    78
    No, ddp, not FPs; real Trojans that that 8 yr old version let in.....

    @aussiejoe, sorry it took me so long; my internet has been going on and off.


    Run this fix and if you can't find something, just skip it..
    You're looking better but still have a little work to do..

    Step # 1: Remove Hijackthis Entries
    • Run HijackThis
    • Click on the Scan button
    Put a check beside all of the items listed below (if present):

    O2 - BHO: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} - mscoree.dll (file missing)

    O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll

    O4 - HKCU\..\Run: [MTool] C:\Documents and Settings\Administrator\Local Settings\Temp\mxtemp.exe

    O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe


    Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    Step # 2: Delete Bad Services

    Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the code box into Notepad:
    Code:
    @echo off 
    rem Stop the IB Updater service, then remove its registration.
    rem Use straight quotes: cmd only treats " as a quote, so a curly-quoted name is split into two arguments.
    sc stop "IB Updater"
    sc delete "IB Updater"
    exit
    


    Click on File > Save As....

    In the File Name box, copy and paste in fix.bat
    In the Save as type box, select All Files from the drop-down list.

    Click Save and save it to your Desktop.

    Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.



    Step # 3 Delete Bad Files

    Go to add/remove programs and if you find IB Updater then uninstall it! If not, get it in the next instruction.

    Using Windows Explorer, navigate to and delete the folders listed below.

    C:\Documents and Settings\Administrator\Local Settings\Temp\mxtemp.exe

    C:\Program Files\IB Updater\Extension32.dll


    REBOOT

    Then:
    post a fresh HJT log, please.

    2oG
     
    Last edited: Jan 20, 2013
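    The fix above comes from reading the HijackThis log for the same few tells a removal helper checks every time: a BHO whose DLL is missing, a service with an unknown owner, an autostart that runs out of the user's Temp directory, and a site dropped into the IE Trusted Zone. The script below is an added example (not HijackThis, ComboFix or anything 2oldGeek posted) that applies those checks to log lines. The sample lines are copied from the logs in this thread; the watchlist names are just the two entries from the fix above and are an assumption for illustration, not a signature list.

```python
"""Triage HijackThis log lines for the tells a malware-removal helper checks first.

Added example for this thread; not HijackThis, ComboFix or 2oldGeek's code.
"""
import re
import sys
from typing import Dict, Iterable, List, Sequence

# A HijackThis line is "<section> - <rest>", e.g. "O4 - HKCU\..\Run: [MTool] C:\...".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+)\s+-\s+(?P<rest>.+)$")

# Paths under a user profile or temp directory are writable without admin
# rights; legitimate autostarts on XP almost never live there.
USER_WRITABLE_RE = re.compile(
    r"\\(Local Settings\\Temp|Temp|Temporary Internet Files|Application Data|Desktop)\\",
    re.IGNORECASE,
)

# Assumed watchlist: the two names from 2oldGeek's fix list in this thread.
# It is an illustration, not an authoritative signature set.
DEFAULT_WATCHLIST = ("IB Updater", "mxtemp")

# Sample input copied from the HJT logs posted in this thread.
SAMPLE_HJT_LINES = r"""
O2 - BHO: Blog This in Windows Live - {2adefb8e-b923-35e6-86e2-2b7841f5d6a4} - mscoree.dll (file missing)
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKCU\..\Run: [MTool] C:\Documents and Settings\Administrator\Local Settings\Temp\mxtemp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O15 - Trusted Zone: www.vizzed.com
O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def target_of(section: str, rest: str) -> str:
    """Best-effort extraction of the file/command an entry points at."""
    if section == "O4":
        m = re.search(r"\]\s*(.*)$", rest)      # "Run: [Name] C:\path\prog.exe"
        if m:
            return m.group(1).strip().strip('"')
        m = re.search(r"=\s*(.*)$", rest)        # "Global Startup: x.lnk = C:\path"
        return m.group(1).strip() if m else rest
    # O2/O3/O9/O23 and friends: "... - {CLSID or owner} - C:\path\file.dll"
    return rest.split(" - ")[-1].strip()


def triage(lines: Iterable[str], watchlist: Sequence[str] = DEFAULT_WATCHLIST) -> List[Dict[str, object]]:
    """Return one finding per suspicious line: {'section', 'line', 'reasons'}."""
    findings: List[Dict[str, object]] = []
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue                                # blank, header or process-list line
        section, rest = m.group("section"), m.group("rest")
        reasons: List[str] = []
        if "(file missing)" in rest:
            reasons.append("dangling entry: target file is missing")
        if section == "O23":
            parts = rest.split(" - ")
            if len(parts) >= 3 and parts[1].strip().lower() == "unknown owner":
                reasons.append("service binary has no publisher (Unknown owner)")
        if USER_WRITABLE_RE.search(target_of(section, rest)):
            reasons.append("loaded from a user-writable or temp path")
        if section == "O15":
            reasons.append("site added to the IE Trusted Zone")
        for name in watchlist:
            if name.lower() in line.lower():
                reasons.append(f"matches watchlist name '{name}'")
        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


def sample_findings() -> List[Dict[str, object]]:
    """Triage the sample lines embedded above."""
    return triage(SAMPLE_HJT_LINES.strip().splitlines())


if __name__ == "__main__":
    # Usage: python hjt_triage.py [hijackthis.log]; without a file, uses the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            results = triage(fh)
    else:
        results = sample_findings()
    for f in results:
        print(f"[{f['section']}] {f['line']}")
        for reason in f["reasons"]:
            print(f"    - {reason}")
```

    On the sample it flags five of the eight lines: the dangling "Blog This" BHO, both IB Updater entries (the O23 one twice, for the unknown owner and the name), the MTool autostart in Temp, and the vizzed.com Trusted Zone entry, while the Java, AVG and Bonjour lines pass. Flagged entries are leads to check, not automatic removals; a vendor-signed file in Program Files with a dropped "(file missing)" stub is common after an uninstall.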
  10. aussiejoe

    aussiejoe Member

    Joined:
    Jun 15, 2006
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    16
    OK, all done.
    A couple of the HJT files mentioned above were not found on the scan I did to delete them.

    fresh HJT log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:53:27 PM, on 1/20/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LC5D3GHJ\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: www.vizzed.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254679639531
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343888131406
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: metasploitPostgreSQL - Unknown owner - C:/METASP~1/POSTGR~1/bin/pg_ctl.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 12564 bytes
     
  11. JST1946

    JST1946 Regular member

    Joined:
    Jul 15, 2011
    Messages:
    901
    Likes Received:
    2
    Trophy Points:
    26
    Internet Explorer sucks. I have the same OS and was using Internet Explorer. I switched to Google Chrome instead and don't have any more problems.
     
  12. aussiejoe

    aussiejoe Member

    I like the simplicity of using IE over Chrome and Firefox.
    Just the simple things, like when new tabs open up: the new tab opens next to the current tab instead of at the end like in IE, making it hard to track your windows when reading tabs in chronological order. Unless there is an option to change this?
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,690
    Likes Received:
    35
    Trophy Points:
    78
    @aussiejoe,
    Well, that looks clean now.

    One little thing I didn't get put into the fix. Did you do this? Are you sure you want to give full access to your computer to www.vizzed.com?

    If not, fix this line in HJT:

    O15 - Trusted Zone: www.vizzed.com

    You might also run Malwarebytes just to pick up the crumbs....

    Also think real strong about upgrading your AV. I suggest Avira or Avast; both are better than AVG. Your AVG is out of date...

    Let me know if you have any problems..
    2oG
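The entries 2oldGeek singles out (the O15 Trusted Zone line, plus the "(file missing)" and "Unknown owner" entries in the O20/O23 sections of the HJT log) are the first things a reviewer scans a HijackThis log for. The script below is an added example for this thread; it is not HijackThis's own code and was not posted by anyone in the discussion. It reads HJT log lines, keeps only those entry types, and returns a list of findings with the raw line attached so the reviewer knows exactly which line to tick and "Fix" in HJT. The sample lines are copied from the HJT log posted above; the `Finding`, `parse_entry` and `triage` names are chosen here, not part of any tool.

```python
"""Triage helper for HijackThis (HJT) log lines (added example, not HJT's code).

Flags the entry types a log reviewer checks first:
  O15  sites added to the IE Trusted Zone (e.g. the www.vizzed.com line)
  O20  Winlogon Notify entries whose DLL is missing
  O23  services whose binary is missing or whose publisher is "Unknown owner"
"""
import re
from typing import List, NamedTuple, Optional, Tuple


class Finding(NamedTuple):
    kind: str      # HJT section: "O15", "O20" or "O23"
    subject: str   # host name, Winlogon Notify package, or service name
    reason: str    # why a reviewer should look at this entry
    raw: str       # the original log line, to paste back into HJT and "Fix"


# Sample lines copied from the HJT log posted earlier in this thread.
SAMPLE_LOG = [
    r"O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll",
    r"O15 - Trusted Zone: www.vizzed.com",
    r"O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL",
    r"O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r"O23 - Service: metasploitPostgreSQL - Unknown owner - C:/METASP~1/POSTGR~1/bin/pg_ctl.exe (file missing)",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
]

# Every HJT entry starts with its section id, e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING = "(file missing)"


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split one HJT line into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries a reviewer should look at, in log order."""
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_entry(line)
        if parsed is None:
            continue
        kind, body = parsed
        if kind == "O15" and body.startswith("Trusted Zone: "):
            host = body[len("Trusted Zone: "):]
            findings.append(Finding(kind, host,
                                    "site added to the IE Trusted Zone; it runs under relaxed zone settings",
                                    line.strip()))
        elif kind == "O20" and body.startswith("Winlogon Notify: "):
            name, _, dll = body[len("Winlogon Notify: "):].partition(" - ")
            if MISSING in dll:
                findings.append(Finding(kind, name,
                                        "Winlogon Notify DLL is missing; dead entry left by an uninstall or a removal",
                                        line.strip()))
        elif kind == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].split(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            reasons = []
            if MISSING in path:
                reasons.append("service binary is missing")
            if owner == "Unknown owner":
                reasons.append("no publisher recorded for the service")
            if reasons:
                findings.append(Finding(kind, name, "; ".join(reasons), line.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.subject}: {f.reason}")
        print(f"    {f.raw}")
```

On the sample above this reports the vizzed.com Trusted Zone entry, the orphaned avgrsstarter Winlogon Notify entry, and the two "Unknown owner" services (one of which is also missing its binary), while the Skype and Bonjour lines are left alone. Flagged does not mean malicious: the metasploitPostgreSQL service and PnkBstrA are leftovers of software the user installed, which is exactly why the raw line is kept, so the reviewer can decide per entry.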
     
  14. aussiejoe

    aussiejoe Member

    I have tried and tried again to remove Vizzed from the PC but it won't let me; it always comes up with some error to stop it deleting.
    I have run SUPERAntiSpyware and Malwarebytes and all they caught were those pesky tracking cookies (which should be banned by the UN or something), but I regularly clean them out with CCleaner.

    Trusted zone removed for Vizzed.
     
  15. 2oldGeek

    2oldGeek Active member

    Yeah, sometimes these crap files can give you a headache…

    I assume you still have Combofix on your machine, if not pls download it and follow along:

    1. Close any open browsers
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
    3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

    Code:
    File::
    c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    JavaClearCache::

    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop



    [IMG: screenshot showing CFScript.txt being dragged onto ComboFix.exe]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

    ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

    When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Run HJT and if you still have the line:
    O15 - Trusted Zone: www.vizzed.com

    Check it and Fix It!
    REBOOT!

    In your next reply, please post back:

    1. Combofix log
    2. New HJT log

    2oG
     
    Last edited: Jan 20, 2013
  16. 2oldGeek

    2oldGeek Active member

  17. aussiejoe

    aussiejoe Member

    Thanks, will try that when I get home from work.

    Anybody know how to make Chrome tabs work exactly like in IE?
    Such as when you tab open a bunch of pictures, they open right next to the current tab instead of at the end of a list of already active tabs like in IE8.
    I've tried emulators and such but nothing changes.
     
  18. JST1946

    JST1946 Regular member

    When you use Google Chrome do you have a folder on the top left of the page that says Imported from IE? If you click on it there should be most of the IE sites that you use.
     
  19. aussiejoe

    aussiejoe Member

    The one thing that stops me using Chrome is just the tabs, as I've said above. If this can be fixed then I'll use it full time.
    So far no Google searches or anything I can find work for my issue. And also there is no dropbox for the tabs like in IE, so if you have 100 tabs open you can click the dropbox and scan all tabs in an instant and jump to the one you want. In Chrome you have to scroll through all 100 of the open tabs to find the one you want.
     
  20. aussiejoe

    aussiejoe Member

    ComboFix 13-01-17.04 - Administrator 01/21/2013 19:26:58.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2153 [GMT 10:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\cfscript.txt
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    FILE ::
    "c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\ab_4.tmp
    .
    c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-20 07:06 . 2013-01-20 07:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG
    2013-01-20 07:06 . 2013-01-20 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
    2013-01-20 07:05 . 2013-01-20 07:05 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2013-01-20 06:47 . 2013-01-20 06:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
    2013-01-20 06:13 . 2013-01-20 06:47 -------- d-----w- C:\$AVG
    2013-01-20 05:57 . 2013-01-21 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2013-01-20 05:57 . 2013-01-20 06:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2013-01-20 05:57 . 2013-01-20 05:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\MFAData
    2013-01-20 05:57 . 2013-01-20 05:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Avg2013
    2013-01-19 19:58 . 2013-01-19 19:58 -------- d-----w- c:\program files\Paltalk Messenger
    2013-01-19 09:39 . 2013-01-19 09:39 -------- d-----w- c:\documents and settings\Administrator\AppData
    2013-01-19 09:39 . 2013-01-19 09:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Acapela Group
    2013-01-05 12:25 . 2013-01-05 12:28 -------- d-----w- c:\program files\GoforFiles
    2013-01-05 12:25 . 2013-01-05 12:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\GoforFiles
    2013-01-05 11:42 . 2013-01-05 11:42 -------- d-----w- c:\program files\Digiarty
    2013-01-05 04:41 . 2013-01-05 04:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\GARMIN
    2013-01-05 04:41 . 2013-01-05 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
    2013-01-05 04:41 . 2013-01-05 04:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GARMIN_Corp
    2013-01-05 04:33 . 2013-01-05 04:33 -------- d-----w- c:\program files\DIFX
    2013-01-05 04:33 . 2013-01-05 04:33 -------- d-----w- c:\program files\Garmin
    2013-01-03 11:43 . 2006-07-12 04:39 208896 ----a-w- c:\windows\system32\FFRafShellEx.dll
    2013-01-03 11:43 . 2003-09-03 06:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
    2013-01-03 11:43 . 2004-07-24 11:28 155648 ----a-w- c:\windows\system32\FFRAFLIB.DLL
    2013-01-03 11:43 . 2013-01-03 11:53 -------- d-----w- c:\program files\FinePixViewer
    2012-12-27 02:50 . 2012-12-27 02:50 -------- d-----w- c:\program files\WinPcap
    2012-12-27 02:45 . 2012-12-27 02:58 -------- d-----w- C:\metasploit
    2012-12-26 06:58 . 2012-12-26 06:58 -------- d-----w- C:\2e69db5f1834fed4a20429c7103cc9
    2012-12-26 05:57 . 2012-12-26 05:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2012-12-25 23:09 . 2012-12-26 05:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
    2012-12-25 12:25 . 2012-12-25 12:25 457 ----a-w- C:\user.js
    2012-12-25 12:25 . 2011-05-13 23:17 632656 ----a-w- c:\windows\system32\msvcr80.dll
    2012-12-25 12:25 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
    2012-12-25 12:25 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
    2012-12-24 22:21 . 2012-12-26 08:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ubisoft Game Launcher
    2012-12-24 14:27 . 2012-12-24 14:27 -------- d-----w- C:\ProgramData
    2012-12-24 14:27 . 2012-12-25 04:38 -------- d-----w- C:\Temp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 19:45 . 2012-04-10 18:53 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-17 19:45 . 2011-08-13 04:04 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-11 10:19 . 2011-08-14 02:43 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2013-01-11 10:19 . 2011-08-14 02:49 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2013-01-11 10:19 . 2011-08-14 02:43 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
    2013-01-10 10:32 . 2011-08-14 02:43 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
    2012-12-26 06:59 . 2011-08-14 02:42 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2012-12-21 07:45 . 2011-09-23 04:52 22328 ----a-w- c:\documents and settings\Administrator\Application Data\PnkBstrK.sys
    2012-12-21 07:44 . 2012-12-21 07:44 2250024 ----a-w- c:\windows\system32\pbsvc.exe
    2012-12-21 07:19 . 2012-12-21 07:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-12-21 07:19 . 2009-10-04 16:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 06:49 . 2012-10-14 12:02 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-18 04:40 . 2012-11-18 04:40 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2012-11-18 03:55 . 2012-11-18 03:45 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-11-15 13:33 . 2012-11-15 13:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
    2012-11-13 01:25 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
    2012-11-08 01:29 . 2012-11-08 01:29 1402312 ----a-w- c:\windows\system32\msxml4.dll
    2012-11-06 02:01 . 2008-04-14 12:00 1371648 ----a-w- c:\windows\system32\msxml6.dll
    2012-11-02 02:02 . 2008-04-14 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-01 12:17 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-11-01 12:17 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-01 12:17 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-01 00:35 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-10-24 17:12 . 2012-10-24 17:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-24 17:12 . 2012-10-24 17:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2012-10-11 01:06 . 2012-10-13 06:11 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
    @="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
    [HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
    2008-02-28 21:04 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-07 4763008]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-14 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-08 98304]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-21 295072]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-10 3147384]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2009-12-24 2330624]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    backup=c:\windows\pss\OpenOffice.org 3.4.1.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk
    backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-10-11 11:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
    2007-04-09 23:46 57344 ----a-w- c:\windows\vm305_sti.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2012-11-06 10:46 3673728 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXMediaServer]
    2012-11-13 18:13 450560 ----a-w- c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2012-11-30 02:06 1263512 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
    2011-12-20 03:32 634880 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    2008-02-28 21:03 1083176 ----a-w- c:\program files\Nero\Nero8\InCD\InCD.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2008-02-29 01:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-06-07 09:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2008-02-26 21:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2008-02-19 00:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-03-25 21:33 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2008-05-23 21:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
    2008-02-28 21:04 2049320 ----a-w- c:\program files\Nero\Nero8\InCD\NBHGui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-08-13 21:25 1242448 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\USArmy\\America's Army 2\\System\\ArmyOps.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Nexon\\Combat Arms\\Engine.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\HTC\\HTC Sync 3.0\\adb.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Origin\\Origin.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
    "c:\\Program Files\\File Type Assistant\\tsassist.exe"=
    "c:\\Documents and Settings\\Administrator\\Desktop\\tor\\Tor Browser\\Start Tor Browser.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Documents and Settings\\Administrator\\Desktop\\tor\\Tor Browser\\App\\tor.exe"=
    "c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\Uplay.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58961:TCP"= 58961:TCP:pando Media Booster
    "58961:UDP"= 58961:UDP:pando Media Booster
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [11/18/2012 1:45 PM 242240]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 2:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 7:55 AM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 9:57 AM 116608]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
    R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/10/2007 6:13 AM 38144]
    R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [9/24/2011 11:37 AM 641832]
    R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2/29/2008 7:04 AM 53032]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/12/2011 7:23 AM 35088]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [9/15/2011 12:06 PM 88576]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 8:31 PM 38608]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [7/27/2012 5:09 AM 30576]
    R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [8/1/2009 8:12 AM 341504]
    S0 cerc6;cerc6; [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
    S2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/METASP~1/POSTGR~1/data" --> C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2/26/2012 6:37 PM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [6/20/2012 4:56 PM 18432]
    S3 ZSMC0305;A4 TECH PC Camera V;c:\windows\system32\drivers\usbVM305.sys [8/13/2011 3:32 PM 391688]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-10 19:02 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 19:45]
    .
    2013-01-21 c:\windows\Tasks\Final Media Player Update Checker.job
    - c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-11-24 08:40]
    .
    2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 05:21]
    .
    2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 05:21]
    .
    2013-01-21 c:\windows\Tasks\ProgramUpdateCheck.job
    - c:\program files\File Type Assistant\tsassist.exe [2011-08-16 04:22]
    .
    2013-01-21 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-329068152-1214440339-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 05:30]
    .
    2013-01-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-329068152-1214440339-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 05:30]
    .
    2013-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1214440339-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 05:30]
    .
    2013-01-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1214440339-1177238915-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 05:30]
    .
    2012-07-13 c:\windows\Tasks\Vuze.job
    - c:\progra~1\Vuze\Azureus.exe [2011-10-10 05:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:tabs
    uInternet Settings,ProxyOverride = *.local
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    TCP: DhcpNameServer = 10.1.1.1
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\JonDoFox\
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb205?a=6OyYg3ZnWO&i=26
    FF - prefs.js: keyword.enabled - false
    FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb205/?loc=IB_DS&a=6OyYg3ZnWO&&i=26&search=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 4001
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 4001
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 4001
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 4001
    FF - prefs.js: network.proxy.type - 1
    FF - ExtSQL: 2012-12-21 17:20; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF - ExtSQL: 2012-12-25 13:18; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\JonDoFox\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyYg3ZnWO&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 2c37ac2400000000000000223fef8b7d
    FF - user.js: extensions.incredibar_i.instlDay - 15699
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1422:25
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6OyYg3ZnWO
    FF - user.js: extensions.incredibar_i.upn2n - 92262682184656610
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 0000034803
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe - c:\programdata\Adobe\1DCF6E7.vbe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-21 19:36
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\metasploitPostgreSQL]
    "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\metasploitPostgreSQL]
    "ImagePath"="C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N \"metasploitPostgreSQL\" -D \"C:/METASP~1/POSTGR~1/data\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-329068152-1214440339-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,21,14,a1,0b,4a,15,4d,8b,f4,75,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,21,14,a1,0b,4a,15,4d,8b,f4,75,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,21,14,a1,0b,4a,15,4d,8b,f4,75,\
    .
    [HKEY_USERS\S-1-5-21-329068152-1214440339-1177238915-500\Software\SecuROM\License information*]
    "datasecu"=hex:28,b9,30,70,1e,ed,79,b5,b6,57,c4,63,72,24,bf,4f,8e,17,d5,c0,3e,
    b8,2b,91,2a,b7,e0,a7,1c,e9,ea,7c,c5,42,9d,cc,14,1e,61,9d,79,a9,ac,f7,d1,29,\
    "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\0a\01\0a\03\17%?"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(500)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2013-01-21 19:38:26
    ComboFix-quarantined-files.txt 2013-01-21 09:38
    ComboFix2.txt 2013-01-20 02:34
    .
    Pre-Run: 39,319,207,936 bytes free
    Post-Run: 39,362,621,440 bytes free
    .
    - - End Of File - - C2369046AA112E1BCDE090AA07767450



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:27:26 PM, on 1/21/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\OpenOffice.org 3\program\swriter.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SX3FKAUX\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Download Video - {B30C9F17-BF16-481e-BAEA-44A86128E1B4} - C:\Program Files\FreeYouTubeToMP3TURBOConverter\ytmRunner.html
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254679639531
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1343888131406
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: metasploitPostgreSQL - Unknown owner - C:/METASP~1/POSTGR~1/bin/pg_ctl.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 11633 bytes
     
