Google Highjacker Problem

Question

digital11 0 Light Poster

14 Years Ago

Hi. I've been having this problem with Firefox & Chrome where searches are taking me to wrong sites. I've done everything as required with Gmer, Malwarebytes etc. Here are the logs:-

GMER One log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-20 19:25:09
Windows 6.1.7600
Running: 0g2vzqhn.exe; Driver: C:\Users\BOBBYD~1\AppData\Local\Temp\kwkirpoc.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86708EC5

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

GMER Two log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-20 19:51:15
Windows 6.1.7600
Running: 0g2vzqhn.exe; Driver: C:\Users\BOBBYD~1\AppData\Local\Temp\kwkirpoc.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x94888730]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x948887E0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x94888880]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x94888920]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830132D8
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302B1A8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 86708EC5

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4611

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20/09/2010 15:29:03
mbam-log-2010-09-20 (15-29-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 293002
Time elapsed: 1 hour(s), 23 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F64CB1F0-0CE6-46C2-8DD1-3BB88CA01E29}\RP339\A0025732.exe (Trojan.MultiDropper) -> Quarantined and deleted successfully.
C:\Users\Bobby Digital\Documents\Backup\Your.Uninstaller.Pro.2008+Keygen-HeartBug\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Windows.old\Documents and Settings\Bobby Digital\My Documents\Backup\Your.Uninstaller.Pro.2008+Keygen-HeartBug\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

DDS attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 17/01/2010 15:21:35
System Uptime: 20/09/2010 19:53:24 (0 hours ago)

Motherboard: ASRock | | G31M-GS
Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz | CPUSocket | 2327/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 263.63 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP242: 14/09/2010 14:48:29 - Installed Adobe Reader 9.3.
RP243: 15/09/2010 20:48:32 - Installed Emma Device Driver(s)
RP245: 20/09/2010 12:35:19 - Avg Update
RP247: 20/09/2010 12:36:13 - Avg Update

==== Installed Programs ======================

"Nero SoundTrax Help
Activision(R)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3.4
Advanced SystemCare 3
Advertising Center
Apple Application Support
Apple Software Update
Ask Toolbar
µTorrent
Avanquest update
AVG 9.0
Blur(TM)
CCleaner
ConvertXtoDVD 3.0.0.1
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DolbyFiles
EA Download Manager
EA Download Manager UI
Emma Core
FLFooty TV 2.2
FrostWire 4.20.9
Google Chrome
GPL MPEG-1/2 DirectShow Decoder Filter
ImagXpress
Java Auto Updater
Java(TM) 6 Update 21
K-Lite Codec Pack 6.3.0 (Full)
LightScribe System Software 1.14.17.1
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Xbox 360 Accessories 1.1
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PeerBlock 1.0.0 (r181)
PowerISO
PVSonyDll
QuickTime
SEMC OMSI Module
Smart Defrag
Sony Ericsson PC Suite 6.009.00
SopCast 3.2.9
SoundTrax
Spotify
Spybot - Search & Destroy
System Requirements Lab
Update Service
VC80CRTRedist - 8.0.50727.4053
VirtuaGirl HD
VLC media player 1.1.4
Winamp
Winamp Application Detect
Windows Media Player Firefox Plugin
WinRAR
Your Uninstaller! 2008 Version 6.0
Your Uninstaller! 2010

==== Event Viewer Messages From Past Week ========

20/09/2010 19:53:40, Error: volmgr [46] - Crash dump initialization failed!
20/09/2010 19:53:38, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
19/09/2010 11:33:11, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
19/09/2010 11:31:11, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
15/09/2010 20:42:07, Error: Service Control Manager [7030] - The Sony Ericsson OMSI download service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

==== End Of File ===========================

DDS txt log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bobby Digital at 19:55:31.86 on 20/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3263.2238 [GMT 1:00]

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET Smart Security 3.0 *disabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Users\Bobby Digital\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.ask.com?o=15007&l=dis
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Sopcast Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll
STS: Deskscapes: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - Deskscapes Class
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\bobbyd~1\appdata\roaming\mozilla\firefox\profiles\x5usodvj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_UK&apn_uid=050D1F59-0333-4543-B406-7407EBCDCCF8&apn_ptnrs=PW&apn_sauid=EE86A4B7-9F30-4A92-B9AD-396593AC7F19&apn_dtid=YYYYYYYYGB&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\bobby digital\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-8-25 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-25 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-8-25 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-25 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-25 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-25 243024]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-25 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-8-25 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-25 5897808]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\common files\sony ericsson\emma core\services\EmmaDeviceMgmt.exe [2010-8-24 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\common files\sony ericsson\emma core\services\EmmaUpdateMgmt.exe [2010-8-24 162936]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-9-15 90112]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-8-25 122448]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-8-25 30288]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-8-25 20560]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-9-13 27632]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-9-9 430152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-9-13 13224]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-3-10 16472]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2010-9-15 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2010-9-15 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2010-9-15 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2010-9-15 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2010-9-15 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2010-9-15 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2010-9-15 109736]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-7 1343400]
S4 ekrn;Eset Service;c:\program files\eset\eset smart security\ekrn.exe [2007-12-21 468224]

=============== Created Last 30 ================

2010-09-19 19:50:20 6656 ----a-w- c:\windows\system32\drivers\qzsjgnvx.sys
2010-09-15 19:58:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-09-15 19:58:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-09-15 19:48:20 0 d-----w- c:\program files\common files\Sony Ericsson
2010-09-15 19:42:07 148736 ----a-w- c:\programdata\hpe78A6.dll
2010-09-15 19:41:41 0 d-----w- c:\program files\Avanquest update
2010-09-15 19:39:59 0 d-----w- c:\programdata\BVRP Software
2010-09-15 19:35:56 86696 ----a-w- c:\windows\system32\drivers\s1018bus.sys
2010-09-15 19:35:56 26024 ----a-w- c:\windows\system32\drivers\s1018nd5.sys
2010-09-15 19:35:56 15016 ----a-w- c:\windows\system32\drivers\s1018mdfl.sys
2010-09-15 19:35:56 148736 ----a-w- c:\programdata\hpeD27B.dll
2010-09-15 19:35:56 12200 ----a-w- c:\windows\system32\drivers\s1018whnt.sys
2010-09-15 19:35:56 12200 ----a-w- c:\windows\system32\drivers\s1018wh.sys
2010-09-15 19:35:56 12200 ----a-w- c:\windows\system32\drivers\s1018cmnt.sys
2010-09-15 19:35:56 12200 ----a-w- c:\windows\system32\drivers\s1018cm.sys
2010-09-15 19:35:56 114472 ----a-w- c:\windows\system32\drivers\s1018mdm.sys
2010-09-15 19:35:56 109736 ----a-w- c:\windows\system32\drivers\s1018unic.sys
2010-09-15 19:35:56 108328 ----a-w- c:\windows\system32\drivers\s1018mgmt.sys
2010-09-15 19:35:56 10792 ----a-w- c:\windows\system32\drivers\s1018cr.sys
2010-09-15 19:35:56 104616 ----a-w- c:\windows\system32\drivers\s1018obex.sys
2010-09-15 19:35:52 0 d-----w- c:\programdata\Sony Ericsson
2010-09-14 03:37:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 03:37:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 03:24:30 6656 ----a-w- c:\windows\system32\drivers\pacbmxlf.sys
2010-09-14 03:22:27 0 d-----w- c:\windows\system32\MpEngineStore
2010-09-13 15:01:07 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-09-13 15:00:33 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-09-13 15:00:32 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-09-13 15:00:32 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-09-13 14:59:57 0 d-----w- c:\program files\Sony Ericsson
2010-09-09 17:50:02 0 d-----w- c:\programdata\AVG Security Toolbar
2010-08-31 18:01:56 0 d-----w- c:\program files\VideoLAN
2010-08-31 17:35:57 0 d-----w- c:\program files\Your Uninstaller 2010
2010-08-27 23:18:11 0 d--h--w- C:\$AVG
2010-08-27 16:14:59 0 d-----w- c:\users\bobbyd~1\appdata\roaming\AVG9
2010-08-25 16:17:27 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-25 16:17:26 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-25 16:17:26 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-08-25 16:17:23 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-25 16:17:18 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-25 16:17:14 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-25 16:15:51 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-08-23 21:19:52 6656 ----a-w- c:\windows\system32\drivers\kjkwpvpg.sys
2010-08-23 19:44:00 6656 ----a-w- c:\windows\system32\drivers\jhojzwca.sys
2010-08-23 18:58:05 6656 ----a-w- c:\windows\system32\drivers\rkixfjlc.sys

==================== Find3M ====================

2010-08-21 10:31:13 112 ----a-w- c:\programdata\kA2P3gX4O.dat
2010-08-21 00:48:37 224 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-12 08:00:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 06:40:12 43318 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:56:48.51 ===============

Thanks for any assistance.

windows-virus

2 Contributors
27 Replies
359 Views
1 Week Discussion Span
Latest Post 14 Years Ago Latest Post by crunchie

crunchie 990 Most Valuable Poster

14 Years Ago

Please download ComboFix by sUBs from HERE or HERE

You must download it to and run it from your Desktop
Physically disconnect from the internet.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

===============

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

crunchie 990 Most Valuable Poster

14 Years Ago

Please try it in safe mode. Tap the F8 key whilst starting the pc and select the Safe Mode option.

Edited 14 Years Ago by crunchie because: n/a

crunchie 990 Most Valuable Poster

14 Years Ago

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

c:\windows\system32\drivers\qzsjgnvx.sys
c:\windows\system32\drivers\kjkwpvpg.sys
c:\windows\system32\drivers\jhojzwca.sys
c:\windows\system32\drivers\rkixfjlc.sys

================

Boot into safe mode and do the following:

1. Please open Notepad

Click Start , then Run
Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

RENV::
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\IObit\IObit Security 360\IS360tray .exe
c:\windows\WindowsMobile\wmdcBase .exe

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]

7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

crunchie 990 Most Valuable Poster

14 Years Ago

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.
c:\windows\system32\drivers\qzsjgnvx.sys
c:\windows\system32\drivers\kjkwpvpg.sys
c:\windows\system32\drivers\jhojzwca.sys
c:\windows\system32\drivers\rkixfjlc.sys
================

I need these done too.

crunchie 990 Most Valuable Poster

14 Years Ago

When I wrote 'post the results back here' I meant the results as they are shown on the site.
Those files do not look right. What did Jotti's actually report?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

digital11 0 Light Poster · Answer 1 · 2010-09-21T15:09:11+00:00

Hi Crunchie. I ran CF & it got to the stage where it was preparing the log file. I left it over night and was still in the same place in the morning. It says to only run once so need some advice thanks.

digital11 0 Light Poster · Answer 2 · 2010-09-21T17:37:23+00:00

ComboFix:-

ComboFix 10-09-20.01 - Bobby Digital 21/09/2010 12:21:31.2.4 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3263.2556 [GMT 1:00]
Running from: c:\users\Bobby Digital\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\ErrLog.txt
C:\install.exe
c:\programdata\hpe78A6.dll
c:\programdata\hpeD27B.dll
c:\users\Bobby Digital\AppData\Roaming\inst.exe
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-21 11:28 . 2010-09-21 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-21 11:20 . 2010-09-21 11:21 -------- d-----w- C:\32788R22FWJFW
2010-09-21 11:17 . 2010-09-21 11:17 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-09-20 21:50 . 2010-09-21 11:28 -------- d-----w- c:\users\Bobby Digital\AppData\Local\temp
2010-09-20 20:08 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-20 19:46 . 2010-09-21 10:10 -------- d-----w- c:\program files\SpywareBlaster
2010-09-20 19:40 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-20 19:39 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-09-20 19:39 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-09-20 19:39 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-09-20 19:39 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-09-20 19:39 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-09-20 19:39 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-09-20 19:39 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-09-20 19:39 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-09-20 19:39 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-09-20 19:39 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-09-20 19:39 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-09-20 11:36 . 2010-09-20 11:36 4093792 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-09-20 11:36 . 2010-09-20 11:36 3586912 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-09-20 11:36 . 2010-09-20 11:36 620896 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe
2010-09-20 11:36 . 2010-09-20 11:36 1619296 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-09-20 11:36 . 2010-09-20 11:36 1377632 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-09-20 11:36 . 2010-09-20 11:36 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-20 11:36 . 2010-09-20 11:36 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-20 11:36 . 2010-09-20 11:36 5649320 ----a-w- c:\programdata\avg9\update\backup\winspamcatcher.dll
2010-09-20 11:36 . 2010-09-20 11:36 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-20 11:36 . 2010-09-20 11:36 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-20 11:36 . 2010-09-20 11:36 2331032 ----a-w- c:\programdata\avg9\update\backup\avgfws9.exe
2010-09-20 11:35 . 2010-09-20 11:35 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-19 19:50 . 2010-09-19 19:50 6656 ----a-w- c:\windows\system32\drivers\qzsjgnvx.sys
2010-09-15 20:12 . 2010-09-15 20:12 81016 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\71\1\.cp\lib\S1SLEngineWrapper.dll
2010-09-15 20:12 . 2010-09-15 20:12 1772664 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\42\1\.cp\lib\BHQ.dll
2010-09-15 20:12 . 2010-09-15 20:12 105592 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\61\1\.cp\lib\MemStickFlash.dll
2010-09-15 20:12 . 2010-09-15 20:12 105592 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\42\1\.cp\lib\BHQFlash.dll
2010-09-15 20:10 . 2010-09-15 20:10 101496 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\81\1\.cp\lib\USBFlash.dll
2010-09-15 20:03 . 2010-09-15 20:03 56440 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\73\1\.cp\lib\sef3x1Controller.dll
2010-09-15 19:49 . 2010-09-15 19:49 109752 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\67\1\.cp\lib\osds.dll
2010-09-15 19:49 . 2010-09-15 19:49 85176 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\79\1\.cp\lib\UAC.dll
2010-09-15 19:49 . 2010-09-15 19:49 57344 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\4\1\.cp\lib\serialio.dll
2010-09-15 19:49 . 2010-09-15 19:49 323648 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DIFxAPI.dll
2010-09-15 19:49 . 2010-09-15 19:49 216184 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\69\1\.cp\lib\RegistryReader.dll
2010-09-15 19:49 . 2010-09-15 19:49 158840 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DriverInstaller.exe
2010-09-15 19:49 . 2010-09-15 19:49 154744 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\8\1\.cp\lib\win32\DeviceRemover.exe
2010-09-15 19:49 . 2010-09-15 19:49 117880 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\DeviceManager.dll
2010-09-15 19:48 . 2010-09-15 19:48 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2010-09-15 19:41 . 2010-09-15 19:41 -------- d-----w- c:\program files\Avanquest update
2010-09-15 19:39 . 2010-09-15 19:39 -------- d-----w- c:\users\Bobby Digital\AppData\Local\Sony Ericsson
2010-09-15 19:39 . 2010-09-15 19:39 -------- d-----w- c:\programdata\BVRP Software
2010-09-14 13:49 . 2010-09-14 13:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-14 03:37 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 03:37 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 03:24 . 2010-09-14 03:24 6656 ----a-w- c:\windows\system32\drivers\pacbmxlf.sys
2010-09-14 03:22 . 2010-09-19 19:50 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-13 15:01 . 2010-09-13 15:01 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-09-13 15:00 . 2010-09-13 15:00 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-09-13 15:00 . 2010-09-13 15:00 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-09-13 15:00 . 2010-09-13 15:00 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-09-13 14:59 . 2010-09-15 19:48 -------- d-----w- c:\program files\Sony Ericsson
2010-09-11 18:27 . 2010-09-11 18:27 -------- d-----w- c:\users\Bobby Digital\AppData\Local\AVG Security Toolbar
2010-09-09 17:50 . 2010-09-09 17:50 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-09-07 04:03 . 2010-09-07 04:03 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-07 04:03 . 2010-09-07 04:03 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-07 04:03 . 2010-09-07 04:03 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-08-31 18:01 . 2010-08-31 18:01 -------- d-----w- c:\program files\VideoLAN
2010-08-31 17:35 . 2010-08-31 17:35 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-08-27 23:18 . 2010-08-27 23:18 -------- d-----w- C:\$AVG
2010-08-27 16:14 . 2010-08-27 16:14 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\AVG9
2010-08-25 16:17 . 2010-08-25 16:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-25 16:17 . 2010-08-25 16:17 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-25 16:17 . 2010-08-25 16:17 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-08-25 16:17 . 2010-08-25 16:17 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-25 16:17 . 2010-08-25 16:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-25 16:17 . 2010-09-21 08:40 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-25 16:17 . 2010-08-25 16:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-25 16:15 . 2010-08-25 16:15 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-08-23 21:19 . 2010-08-23 21:19 6656 ----a-w- c:\windows\system32\drivers\kjkwpvpg.sys
2010-08-23 19:44 . 2010-08-23 19:44 6656 ----a-w- c:\windows\system32\drivers\jhojzwca.sys
2010-08-23 18:58 . 2010-08-23 18:58 6656 ----a-w- c:\windows\system32\drivers\rkixfjlc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 09:27 . 2010-05-13 01:18 0 ----a-w- c:\users\Bobby Digital\AppData\Local\prvlcl.dat
2010-09-21 09:14 . 2010-01-17 17:25 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\uTorrent
2010-09-20 21:27 . 2010-01-17 15:33 87400 ----a-w- c:\users\Bobby Digital\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-20 20:32 . 2010-01-24 20:32 -------- d-----w- c:\programdata\NVIDIA
2010-09-20 20:32 . 2010-01-31 11:03 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-20 19:59 . 2010-06-21 13:48 -------- d-----w- c:\program files\Microsoft.NET
2010-09-20 19:35 . 2009-07-14 00:01 6656 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys
2010-09-16 14:59 . 2010-01-17 16:52 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Vso
2010-09-15 19:58 . 2010-09-15 19:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-09-15 19:58 . 2010-09-15 19:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-09-15 19:48 . 2010-09-15 19:35 -------- d-----w- c:\programdata\Sony Ericsson
2010-09-15 19:42 . 2010-07-14 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-14 03:37 . 2010-08-20 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 03:37 . 2010-05-23 22:03 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2010-09-07 04:03 . 2010-04-05 13:48 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-07 04:03 . 2010-04-05 13:48 -------- d-----w- c:\programdata\DivX
2010-09-07 04:03 . 2010-01-17 16:00 -------- d-----w- c:\program files\DivX
2010-09-07 04:02 . 2010-09-01 15:22 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-07 04:02 . 2010-09-01 15:22 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-07 04:02 . 2010-08-16 19:02 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-07 03:59 . 2010-09-01 15:22 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-01 15:22 . 2010-01-17 16:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-01 12:43 . 2010-08-10 19:45 530158 ----a-w- c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-08-31 20:30 . 2010-01-17 17:10 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\IObit
2010-08-31 20:30 . 2010-01-17 16:56 -------- d-----w- c:\program files\IObit
2010-08-31 17:39 . 2010-02-19 18:16 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\DivX
2010-08-31 17:36 . 2010-01-17 17:03 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\URSoft
2010-08-31 17:32 . 2010-01-17 17:03 -------- d-----w- c:\program files\Your Uninstaller 2008
2010-08-30 09:39 . 2010-01-17 17:25 -------- d-----w- c:\program files\uTorrent
2010-08-27 23:18 . 2010-05-10 21:44 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Royh
2010-08-25 18:04 . 2010-01-29 21:56 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Spotify
2010-08-25 16:14 . 2010-03-28 14:25 -------- d-----w- c:\programdata\avg9
2010-08-24 00:21 . 2010-08-18 17:46 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\FrostWire
2010-08-23 17:33 . 2010-06-06 05:58 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Ysahfy
2010-08-22 01:03 . 2010-02-04 18:02 -------- d-----w- c:\program files\PeerBlock
2010-08-21 10:31 . 2010-08-21 00:32 112 ----a-w- c:\programdata\kA2P3gX4O.dat
2010-08-21 00:52 . 2010-08-20 21:56 -------- d-----w- c:\programdata\STOPzilla!
2010-08-21 00:48 . 2010-08-21 00:48 224 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-21 00:09 . 2010-08-21 00:09 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 00:09 . 2010-02-19 21:57 -------- d-----w- c:\program files\Java
2010-08-20 22:57 . 2010-01-17 17:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-20 21:58 . 2010-08-20 22:01 1129120 ----a-w- c:\programdata\STOPzilla!\vdb\vbcorent.dll
2010-08-18 18:01 . 2010-08-18 18:01 0 ----a-w- c:\users\Bobby Digital\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-08-18 17:47 . 2010-08-18 17:45 -------- d-----w- c:\program files\FrostWire
2010-08-14 19:41 . 2010-08-14 19:40 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 19:37 . 2010-08-14 19:37 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Media Player Classic
2010-08-12 22:36 . 2010-08-12 22:36 -------- d-----w- c:\program files\GPL MPEG Decoder
2010-08-12 08:00 . 2010-08-14 19:41 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-10 21:05 . 2010-08-08 14:46 -------- d-----w- c:\program files\Ask.com
2010-08-08 14:46 . 2010-08-08 14:46 -------- d-----w- c:\program files\SopCast
2010-08-06 10:21 . 2010-08-06 10:21 -------- d-----w- c:\program files\CCleaner
2010-07-29 06:30 . 2010-08-11 13:18 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 13:18 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-17 04:00 . 2010-08-21 00:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 14:51 . 2010-07-14 14:51 10274313 ----a-w- c:\users\Bobby Digital\AppData\Roaming\bizarre creations\blur\BizUpdaterPack.exe
2010-07-09 15:37 . 2010-07-09 15:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 15:37 . 2010-07-09 15:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 15:37 . 2010-07-09 15:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 15:37 . 2010-07-09 15:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-30 06:25 . 2010-08-11 13:18 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\IObit\IObit Security 360\IS360tray .exe
c:\windows\WindowsMobile\wmdcBase .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"<NO NAME>"="" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{9D4420A4-CB45-07AE-2EBC-143FF39E05D9}

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-08-25 16:16 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2007-12-21 08:21 1443072 ----a-w- c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-21 12:00 136176 ----atw- c:\users\Bobby Digital\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 10:16 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 14:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 14:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
c:\program files\Microsoft Security Essentials\msseces.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
2009-09-28 02:02 1529432 ----a-w- c:\program files\PeerBlock\peerblock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-01-20 07:05 217088 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-08-29 22:23 328568 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 01:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-08-25 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-25 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-25 243024]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-25 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-09-20 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-08-24 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-08-24 162936]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-08-25 122448]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-08-25 30288]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-08-25 20560]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-09-13 13224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-11-04 86696]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-11-04 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-11-04 114472]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-11-04 108328]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-11-04 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-11-04 104616]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-11-04 109736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-07 1343400]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-08-25 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-08-25 52872]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-09-13 27632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 10:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-20 c:\windows\Tasks\AWC AutoCare.job
- c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe [2010-08-20 13:10]

2010-09-21 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-08-20 14:13]

2010-08-20 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-08-20 10:08]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069786763-3556713811-4017036512-1001Core.job
- c:\users\Bobby Digital\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-21 12:00]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4069786763-3556713811-4017036512-1001UA.job
- c:\users\Bobby Digital\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-21 12:00]

2010-08-31 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-08-31 17:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com?o=15007&l=dis
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Bobby Digital\AppData\Roaming\Mozilla\Firefox\Profiles\x5usodvj.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15004&locale=en_UK&apn_uid=050D1F59-0333-4543-B406-7407EBCDCCF8&apn_ptnrs=PW&apn_sauid=EE86A4B7-9F30-4A92-B9AD-396593AC7F19&apn_dtid=YYYYYYYYGB&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Bobby Digital\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-21 12:29:29
ComboFix-quarantined-files.txt 2010-09-21 11:29

Pre-Run: 289,565,245,440 bytes free
Post-Run: 289,007,763,456 bytes free

- - End Of File - - 744EDD44CA797F44E1FF9FE0155874B7

MBR check:-

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: ASRock
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: To Be Filled By O.E.M.
System Product Name: To Be Filled By O.E.M.
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 191):
0x82C07000 \SystemRoot\system32\ntoskrnl.exe
0x8300B000 \SystemRoot\system32\halmacpi.dll
0x80BAC000 \SystemRoot\system32\kdcom.dll
0x8BC3A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8BCB2000 \SystemRoot\system32\PSHED.dll
0x8BCC3000 \SystemRoot\system32\BOOTVID.dll
0x8BCCB000 \SystemRoot\system32\CLFS.SYS
0x8BD0D000 \SystemRoot\system32\CI.dll
0x8BDB8000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8BE29000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8BE37000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8BE7F000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8BE88000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8BE90000 \SystemRoot\system32\DRIVERS\pci.sys
0x8BEBA000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8BEC5000 \SystemRoot\System32\drivers\partmgr.sys
0x8BED6000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8BEE6000 \SystemRoot\System32\drivers\volmgrx.sys
0x8BF31000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8BF38000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8BF46000 \SystemRoot\System32\drivers\mountmgr.sys
0x8BF5C000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8BF65000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8BF88000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8BF91000 \SystemRoot\system32\drivers\fltmgr.sys
0x8BFC5000 \SystemRoot\system32\drivers\fileinfo.sys
0x8C02E000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8C15D000 \SystemRoot\System32\Drivers\msrpc.sys
0x8C188000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8C19B000 \SystemRoot\System32\Drivers\cng.sys
0x8C1F8000 \SystemRoot\System32\drivers\pcw.sys
0x8C206000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8C20F000 \SystemRoot\system32\drivers\ndis.sys
0x8C2C6000 \SystemRoot\system32\drivers\NETIO.SYS
0x8C304000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C405000 \SystemRoot\System32\drivers\tcpip.sys
0x8C54E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C57F000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C588000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C5C7000 \SystemRoot\System32\Drivers\spldr.sys
0x8C5CF000 \SystemRoot\System32\drivers\rdyboost.sys
0x8C5FC000 \SystemRoot\System32\Drivers\mup.sys
0x8C60C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8C614000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8C646000 \SystemRoot\system32\DRIVERS\disk.sys
0x8C657000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C67C000 \SystemRoot\System32\Drivers\avgrkx86.sys
0x8C688000 \SystemRoot\System32\Drivers\AVGIDSwx.sys
0x8C69E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C6BD000 \SystemRoot\System32\Drivers\Null.SYS
0x8C6C4000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C6CB000 \SystemRoot\System32\drivers\vga.sys
0x8C6D7000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C6F8000 \SystemRoot\System32\drivers\watchdog.sys
0x8C705000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8C70D000 \SystemRoot\SYSTEM32\DRIVERS\RDPENCDD.SYS
0x8C715000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8C71D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C728000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C736000 \SystemRoot\system32\DRIVERS\avgfwd6x.sys
0x8C740000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C757000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C762000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8C79C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8C329000 \SystemRoot\system32\drivers\afd.sys
0x8C7CE000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8C7D5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C383000 \SystemRoot\system32\DRIVERS\vpcnfltr.sys
0x8C393000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C3A1000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C3BB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x92C26000 \SystemRoot\system32\drivers\vpcvmm.sys
0x92C6D000 \SystemRoot\system32\DRIVERS\termdd.sys
0x92C7D000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x92C85000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x92CC6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x92CD0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x92CDA000 \SystemRoot\System32\drivers\discache.sys
0x92CE6000 \SystemRoot\system32\drivers\csc.sys
0x92D4A000 \SystemRoot\System32\Drivers\dfsc.sys
0x92D62000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x92D70000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x92D76000 \SystemRoot\System32\Drivers\avgldx86.sys
0x92DAA000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x92DCB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x93C22000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x946A0000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x946A2000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x94759000 \SystemRoot\System32\drivers\dxgmms1.sys
0x94792000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x947B1000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x947D6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x92DDD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x947E1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x93C00000 \SystemRoot\system32\DRIVERS\parport.sys
0x92E28000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x947F0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x93C18000 \SystemRoot\system32\DRIVERS\serenum.sys
0x92E40000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x92E4D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92E5F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92E77000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92E82000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92EA4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92EBC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92ED3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92EEA000 \SystemRoot\System32\Drivers\pcouffin.sys
0x92EF6000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x92F00000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92F0D000 \SystemRoot\system32\DRIVERS\seehcri.sys
0x947FD000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92F13000 \SystemRoot\system32\DRIVERS\ks.sys
0x92F47000 \SystemRoot\system32\DRIVERS\umbus.sys
0x92F55000 \SystemRoot\system32\DRIVERS\vpcusb.sys
0x92F6D000 \SystemRoot\system32\DRIVERS\usbrpm.sys
0x92F7A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92F7C000 \SystemRoot\system32\DRIVERS\vpchbus.sys
0x92FB2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92C00000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x95C36000 \SystemRoot\system32\drivers\HdAudio.sys
0x95C86000 \SystemRoot\system32\drivers\portcls.sys
0x95CB5000 \SystemRoot\system32\drivers\drmk.sys
0x96C40000 \SystemRoot\System32\win32k.sys
0x95CCE000 \SystemRoot\System32\drivers\Dxapi.sys
0x95CE5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95CF0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95D03000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x95D0A000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x95D15000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96EA0000 \SystemRoot\System32\TSDDD.dll
0x96ED0000 \SystemRoot\System32\cdd.dll
0x95D20000 \SystemRoot\system32\DRIVERS\xusb21.sys
0x95D2F000 \SystemRoot\system32\drivers\luafv.sys
0x95D4A000 \SystemRoot\system32\drivers\WudfPf.sys
0x95D64000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95D74000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x95D87000 \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys
0x95D90000 \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys
0x95D9A000 \SystemRoot\system32\drivers\HTTP.sys
0x95E1F000 \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys
0x95E47000 \SystemRoot\system32\DRIVERS\bowser.sys
0x95E60000 \SystemRoot\System32\drivers\mpsdrv.sys
0x95E72000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x95E95000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x95ED0000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x95EEB000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x95EF2000 \SystemRoot\system32\drivers\peauth.sys
0x95F89000 \SystemRoot\System32\Drivers\secdrv.SYS
0x95F93000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x95FB4000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAB430000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB47F000 \SystemRoot\System32\DRIVERS\srv.sys
0x77CB0000 \Windows\System32\ntdll.dll
0x47D20000 \Windows\System32\smss.exe
0x77EF0000 \Windows\System32\apisetschema.dll
0x00F30000 \Windows\System32\autochk.exe
0x77B10000 \Windows\System32\setupapi.dll
0x779D0000 \Windows\System32\urlmon.dll
0x778D0000 \Windows\System32\wininet.dll
0x77E30000 \Windows\System32\msvcrt.dll
0x77830000 \Windows\System32\usp10.dll
0x77790000 \Windows\System32\advapi32.dll
0x77630000 \Windows\System32\ole32.dll
0x77E10000 \Windows\System32\imm32.dll
0x77430000 \Windows\System32\iertutil.dll
0x773E0000 \Windows\System32\gdi32.dll
0x77E00000 \Windows\System32\normaliz.dll
0x77360000 \Windows\System32\comdlg32.dll
0x77290000 \Windows\System32\msctf.dll
0x77DF0000 \Windows\System32\nsi.dll
0x771C0000 \Windows\System32\user32.dll
0x77160000 \Windows\System32\difxapi.dll
0x770B0000 \Windows\System32\rpcrt4.dll
0x76FD0000 \Windows\System32\kernel32.dll
0x76FC0000 \Windows\System32\lpk.dll
0x76F60000 \Windows\System32\shlwapi.dll
0x76F10000 \Windows\System32\Wldap32.dll
0x76EF0000 \Windows\System32\sechost.dll
0x76EE0000 \Windows\System32\psapi.dll
0x76E50000 \Windows\System32\oleaut32.dll
0x76E20000 \Windows\System32\imagehlp.dll
0x76DE0000 \Windows\System32\ws2_32.dll
0x76D50000 \Windows\System32\clbcatq.dll
0x76100000 \Windows\System32\shell32.dll
0x760D0000 \Windows\System32\wintrust.dll
0x760A0000 \Windows\System32\cfgmgr32.dll
0x76080000 \Windows\System32\devobj.dll
0x76030000 \Windows\System32\KernelBase.dll
0x75F10000 \Windows\System32\crypt32.dll
0x75E80000 \Windows\System32\comctl32.dll
0x75E70000 \Windows\System32\msasn1.dll

Processes (total 57):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
408 csrss.exe
476 C:\Windows\System32\wininit.exe
484 csrss.exe
524 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
552 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\winlogon.exe
712 C:\Windows\System32\svchost.exe
776 C:\Windows\System32\nvvsvc.exe
804 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\audiodg.exe
1140 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\svchost.exe
1344 C:\Windows\System32\nvvsvc.exe
1412 C:\Windows\System32\spoolsv.exe
1448 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
1660 C:\Windows\System32\dwm.exe
1668 C:\Windows\System32\taskhost.exe
1716 C:\Windows\explorer.exe
1832 C:\Windows\System32\taskeng.exe
1944 C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
800 C:\Program Files\Windows Sidebar\sidebar.exe
1536 C:\Windows\System32\svchost.exe
1808 C:\Program Files\AVG\AVG9\avgwdsvc.exe
424 C:\Program Files\AVG\AVG9\avgfws9.exe
916 C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
936 C:\Program Files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
1516 C:\Windows\System32\svchost.exe
392 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2076 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2152 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2208 C:\Windows\System32\svchost.exe
2260 C:\Windows\System32\svchost.exe
2772 C:\Program Files\AVG\AVG9\avgam.exe
3020 C:\Program Files\AVG\AVG9\avgnsx.exe
3308 C:\Windows\System32\SearchIndexer.exe
3388 WmiPrvSE.exe
3532 C:\Windows\System32\svchost.exe
3788 C:\Program Files\Windows Media Player\wmpnetwk.exe
4044 C:\Program Files\AVG\AVG9\avgcsrvx.exe
4092 C:\Program Files\AVG\AVG9\avgrsx.exe
2140 C:\Program Files\AVG\AVG9\avgchsvx.exe
468 WmiPrvSE.exe
3240 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1492 C:\Windows\System32\SearchProtocolHost.exe
3740 C:\Windows\System32\SearchFilterHost.exe
4108 C:\Windows\System32\svchost.exe
4496 C:\Users\Bobby Digital\Desktop\MBRCheck.exe
4508 C:\Windows\System32\conhost.exe
4540 C:\Windows\System32\dllhost.exe
4972 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00004400 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

digital11 0 Light Poster · Answer 3 · 2010-09-21T17:37:43+00:00

ComboFix:-

ComboFix 10-09-20.01 - Bobby Digital 21/09/2010 12:21:31.2.4 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3263.2556 [GMT 1:00]
Running from: c:\users\Bobby Digital\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\ErrLog.txt
C:\install.exe
c:\programdata\hpe78A6.dll
c:\programdata\hpeD27B.dll
c:\users\Bobby Digital\AppData\Roaming\inst.exe
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-08-21 to 2010-09-21 )))))))))))))))))))))))))))))))
.

2010-09-21 11:28 . 2010-09-21 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-21 11:20 . 2010-09-21 11:21 -------- d-----w- C:\32788R22FWJFW
2010-09-21 11:17 . 2010-09-21 11:17 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-09-20 21:50 . 2010-09-21 11:28 -------- d-----w- c:\users\Bobby Digital\AppData\Local\temp
2010-09-20 20:08 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-20 19:46 . 2010-09-21 10:10 -------- d-----w- c:\program files\SpywareBlaster
2010-09-20 19:40 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-20 19:39 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-09-20 19:39 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-09-20 19:39 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-09-20 19:39 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-09-20 19:39 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-09-20 19:39 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-09-20 19:39 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
2010-09-20 19:39 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-09-20 19:39 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-09-20 19:39 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-09-20 19:39 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-09-20 11:36 . 2010-09-20 11:36 4093792 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-09-20 11:36 . 2010-09-20 11:36 3586912 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-09-20 11:36 . 2010-09-20 11:36 620896 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe
2010-09-20 11:36 . 2010-09-20 11:36 1619296 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-09-20 11:36 . 2010-09-20 11:36 1377632 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-09-20 11:36 . 2010-09-20 11:36 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-20 11:36 . 2010-09-20 11:36 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-20 11:36 . 2010-09-20 11:36 5649320 ----a-w- c:\programdata\avg9\update\backup\winspamcatcher.dll
2010-09-20 11:36 . 2010-09-20 11:36 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-20 11:36 . 2010-09-20 11:36 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-20 11:36 . 2010-09-20 11:36 2331032 ----a-w- c:\programdata\avg9\update\backup\avgfws9.exe
2010-09-20 11:35 . 2010-09-20 11:35 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-19 19:50 . 2010-09-19 19:50 6656 ----a-w- c:\windows\system32\drivers\qzsjgnvx.sys
2010-09-15 20:12 . 2010-09-15 20:12 81016 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\71\1\.cp\lib\S1SLEngineWrapper.dll
2010-09-15 20:12 . 2010-09-15 20:12 1772664 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\42\1\.cp\lib\BHQ.dll
2010-09-15 20:12 . 2010-09-15 20:12 105592 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\61\1\.cp\lib\MemStickFlash.dll
2010-09-15 20:12 . 2010-09-15 20:12 105592 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\42\1\.cp\lib\BHQFlash.dll
2010-09-15 20:10 . 2010-09-15 20:10 101496 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\81\1\.cp\lib\USBFlash.dll
2010-09-15 20:03 . 2010-09-15 20:03 56440 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\73\1\.cp\lib\sef3x1Controller.dll
2010-09-15 19:49 . 2010-09-15 19:49 109752 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\67\1\.cp\lib\osds.dll
2010-09-15 19:49 . 2010-09-15 19:49 85176 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\79\1\.cp\lib\UAC.dll
2010-09-15 19:49 . 2010-09-15 19:49 57344 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\4\1\.cp\lib\serialio.dll
2010-09-15 19:49 . 2010-09-15 19:49 323648 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DIFxAPI.dll
2010-09-15 19:49 . 2010-09-15 19:49 216184 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\69\1\.cp\lib\RegistryReader.dll
2010-09-15 19:49 . 2010-09-15 19:49 158840 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DriverInstaller.exe
2010-09-15 19:49 . 2010-09-15 19:49 154744 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\8\1\.cp\lib\win32\DeviceRemover.exe
2010-09-15 19:49 . 2010-09-15 19:49 117880 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\DeviceManager.dll
2010-09-15 19:48 . 2010-09-15 19:48 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2010-09-15 19:41 . 2010-09-15 19:41 -------- d-----w- c:\program files\Avanquest update
2010-09-15 19:39 . 2010-09-15 19:39 -------- d-----w- c:\users\Bobby Digital\AppData\Local\Sony Ericsson
2010-09-15 19:39 . 2010-09-15 19:39 -------- d-----w- c:\programdata\BVRP Software
2010-09-14 13:49 . 2010-09-14 13:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-14 03:37 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 03:37 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 03:24 . 2010-09-14 03:24 6656 ----a-w- c:\windows\system32\drivers\pacbmxlf.sys
2010-09-14 03:22 . 2010-09-19 19:50 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-13 15:01 . 2010-09-13 15:01 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-09-13 15:00 . 2010-09-13 15:00 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-09-13 15:00 . 2010-09-13 15:00 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-09-13 15:00 . 2010-09-13 15:00 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-09-13 14:59 . 2010-09-15 19:48 -------- d-----w- c:\program files\Sony Ericsson
2010-09-11 18:27 . 2010-09-11 18:27 -------- d-----w- c:\users\Bobby Digital\AppData\Local\AVG Security Toolbar
2010-09-09 17:50 . 2010-09-09 17:50 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-09-07 04:03 . 2010-09-07 04:03 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-07 04:03 . 2010-09-07 04:03 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-07 04:03 . 2010-09-07 04:03 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-08-31 18:01 . 2010-08-31 18:01 -------- d-----w- c:\program files\VideoLAN
2010-08-31 17:35 . 2010-08-31 17:35 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-08-27 23:18 . 2010-08-27 23:18 -------- d-----w- C:\$AVG
2010-08-27 16:14 . 2010-08-27 16:14 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\AVG9
2010-08-25 16:17 . 2010-08-25 16:17 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-25 16:17 . 2010-08-25 16:17 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-25 16:17 . 2010-08-25 16:17 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-08-25 16:17 . 2010-08-25 16:17 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-25 16:17 . 2010-08-25 16:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-25 16:17 . 2010-09-21 08:40 -------- d-----w- c:\windows\system32\drivers\Avg
2010-08-25 16:17 . 2010-08-25 16:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-08-25 16:15 . 2010-08-25 16:15 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-08-23 21:19 . 2010-08-23 21:19 6656 ----a-w- c:\windows\system32\drivers\kjkwpvpg.sys
2010-08-23 19:44 . 2010-08-23 19:44 6656 ----a-w- c:\windows\system32\drivers\jhojzwca.sys
2010-08-23 18:58 . 2010-08-23 18:58 6656 ----a-w- c:\windows\system32\drivers\rkixfjlc.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-21 09:27 . 2010-05-13 01:18 0 ----a-w- c:\users\Bobby Digital\AppData\Local\prvlcl.dat
2010-09-21 09:14 . 2010-01-17 17:25 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\uTorrent
2010-09-20 21:27 . 2010-01-17 15:33 87400 ----a-w- c:\users\Bobby Digital\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-20 20:32 . 2010-01-24 20:32 -------- d-----w- c:\programdata\NVIDIA
2010-09-20 20:32 . 2010-01-31 11:03 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-20 19:59 . 2010-06-21 13:48 -------- d-----w- c:\program files\Microsoft.NET
2010-09-20 19:35 . 2009-07-14 00:01 6656 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys
2010-09-16 14:59 . 2010-01-17 16:52 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Vso
2010-09-15 19:58 . 2010-09-15 19:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-09-15 19:58 . 2010-09-15 19:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-09-15 19:48 . 2010-09-15 19:35 -------- d-----w- c:\programdata\Sony Ericsson
2010-09-15 19:42 . 2010-07-14 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-14 03:37 . 2010-08-20 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 03:37 . 2010-05-23 22:03 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2010-09-07 04:03 . 2010-04-05 13:48 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-07 04:03 . 2010-04-05 13:48 -------- d-----w- c:\programdata\DivX
2010-09-07 04:03 . 2010-01-17 16:00 -------- d-----w- c:\program files\DivX
2010-09-07 04:02 . 2010-09-01 15:22 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-07 04:02 . 2010-09-01 15:22 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-07 04:02 . 2010-08-16 19:02 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-07 03:59 . 2010-09-01 15:22 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-01 15:22 . 2010-01-17 16:00 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-09-01 12:43 . 2010-08-10 19:45 530158 ----a-w- c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-08-31 20:30 . 2010-01-17 17:10 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\IObit
2010-08-31 20:30 . 2010-01-17 16:56 -------- d-----w- c:\program files\IObit
2010-08-31 17:39 . 2010-02-19 18:16 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\DivX
2010-08-31 17:36 . 2010-01-17 17:03 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\URSoft
2010-08-31 17:32 . 2010-01-17 17:03 -------- d-----w- c:\program files\Your Uninstaller 2008
2010-08-30 09:39 . 2010-01-17 17:25 -------- d-----w- c:\program files\uTorrent
2010-08-27 23:18 . 2010-05-10 21:44 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Royh
2010-08-25 18:04 . 2010-01-29 21:56 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Spotify
2010-08-25 16:14 . 2010-03-28 14:25 -------- d-----w- c:\programdata\avg9
2010-08-24 00:21 . 2010-08-18 17:46 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\FrostWire
2010-08-23 17:33 . 2010-06-06 05:58 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Ysahfy
2010-08-22 01:03 . 2010-02-04 18:02 -------- d-----w- c:\program files\PeerBlock
2010-08-21 10:31 . 2010-08-21 00:32 112 ----a-w- c:\programdata\kA2P3gX4O.dat
2010-08-21 00:52 . 2010-08-20 21:56 -------- d-----w- c:\programdata\STOPzilla!
2010-08-21 00:48 . 2010-08-21 00:48 224 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-21 00:09 . 2010-08-21 00:09 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 00:09 . 2010-02-19 21:57 -------- d-----w- c:\program files\Java
2010-08-20 22:57 . 2010-01-17 17:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-20 21:58 . 2010-08-20 22:01 1129120 ----a-w- c:\programdata\STOPzilla!\vdb\vbcorent.dll
2010-08-18 18:01 . 2010-08-18 18:01 0 ----a-w- c:\users\Bobby Digital\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-08-18 17:47 . 2010-08-18 17:45 -------- d-----w- c:\program files\FrostWire
2010-08-14 19:41 . 2010-08-14 19:40 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-08-14 19:37 . 2010-08-14 19:37 -------- d-----w- c:\users\Bobby Digital\AppData\Roaming\Media Player Classic
2010-08-12 22:36 . 2010-08-12 22:36 -------- d-----w- c:\program files\GPL MPEG Decoder
2010-08-12 08:00 . 2010-08-14 19:41 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-08-10 21:05 . 2010-08-08 14:46 -------- d-----w- c:\program files\Ask.com
2010-08-08 14:46 . 2010-08-08 14:46 -------- d-----w- c:\program files\SopCast
2010-08-06 10:21 . 2010-08-06 10:21 -------- d-----w- c:\program files\CCleaner
2010-07-29 06:30 . 2010-08-11 13:18 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 13:18 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-17 04:00 . 2010-08-21 00:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 14:51 . 2010-07-14 14:51 10274313 ----a-w- c:\users\Bobby Digital\AppData\Roaming\bizarre creations\blur\BizUpdaterPack.exe
2010-07-09 15:37 . 2010-07-09 15:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 15:37 . 2010-07-09 15:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 15:37 . 2010-07-09 15:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 15:37 . 2010-07-09 15:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-30 06:25 . 2010-08-11 13:18 978432 ----a-w- c:\windows\system32\wininet.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\IObit\IObit Security 360\IS360tray .exe
c:\windows\WindowsMobile\wmdcBase .exe
</pre>