BleepingComputer.com: Unable to update


Unable to update Windows update redirects google. Unable to update antispyware tools

#31 Farbar
  • Group: Malware Response Instructor
  • Posts: 17,810
  • Joined: 08-December 07
  • Gender: Male
  • Location: The Netherlands

Posted 02 July 2009 - 05:43 AM

Thanks for the detailed feedback.

So we come to know the problems on the system. You may try it, but I don't think you can delete the file you mentioned. It should be locked or corrupted, causing the MBAM scanner to freeze.
  • Please perform a check disk as instructed here:

    http://www.windows-help-central.com/window...sta-chkdsk.html

    It might take quite long to perform it. You don't have to sit there, as the time taken might vary from a couple of hours to a whole day depending on the errors found and the amount of used space. You may initiate it and leave it there to finish.

    After the disk check is finished and Windows has started, go to Start => Run => type eventvwr in the run box and click OK.
    Go to the Applications section and search for the Winlogon entry that corresponds to when you ran the check disk (in the Source column, click on it to sort the items alphabetically). Double-click that entry and you'll find the scan's results there; click the third button on the right (this copies the info in memory to the clipboard). Then right-click in a Notepad window to paste it and post it to your reply, or right-click to paste it directly into your reply.


  • After finishing with the disk check please run MBAM again to perform the scan.


#32 Seigetsu
  • Group: Members
  • Posts: 30
  • Joined: 29-June 09

Posted 02 July 2009 - 08:28 AM

1. I performed the scan and it said everything was OK. I went to the event viewer and the only Winlogon entry I found was empty.
Applications > microsoft > windows > winlogon > operational

2. MBAM Log:

Malwarebytes' Anti-Malware 1.38
Database version: 2353
Windows 6.0.6001 Service Pack 1

02/07/2009 15:24:02
mbam-log-2009-07-02 (15-24-02).txt

Scan type: Quick Scan
Objects scanned: 76907
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#33 Farbar
  • Group: Malware Response Instructor
  • Posts: 17,810
  • Joined: 08-December 07
  • Gender: Male
  • Location: The Netherlands

Posted 02 July 2009 - 12:55 PM

Let's make sure of a few things.
  • Click on Start button.
    • Type Cmd in the Start Search text box.
    • Press Ctrl-Shift-Enter keyboard shortcut to run Command Prompt as Administrator. Allow elevation request.
    • Copy and paste or type ipconfig /flushdns in the Command Prompt, and then press Enter.
    • Note any error message if it occurs.
    • If there was no error, restart the computer. See if you can update Windows. If not, please proceed with the next step.


  • Go to Start > Run, copy/paste the following line into the run box and click OK after each line.

    notepad C:\windows\system32\drivers\etc\hosts

    A text file opens. Please post its content to your reply.


  • Go to Start > Run, copy/paste the following line into the run box and click OK.

    cmd /c dir /a /s "c:\tcpip.sys" >log.txt&log.txt&del log.txt

    A command window opens. Wait until a log.txt file opens. Please post the content to your reply.

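Checking the hosts file Farbar asks for above can be automated. The following is an added example, not code from the thread: it parses a hosts file in Windows format and flags update and security-vendor hostnames mapped to anything other than a loopback or unspecified address, which is the redirect pattern behind the symptoms reported here. The watch-list of domains and the sample hosts content are constructed for the example.

```python
"""Triage a Windows hosts file for redirected update and security sites.

Added example (not from the forum thread). The symptoms described above,
Windows Update and Google redirected while security tools cannot update,
are a classic result of hosts-file hijacking, so this parses the file
Farbar asks for and separates harmless blocking entries (names sent to
127.0.0.1 or 0.0.0.0) from real redirects of watched names. The watch-list
and the sample hosts content are constructed for this example.
"""
import ipaddress

# Constructed watch-list: hosts the machine must reach to update itself and
# its security tools. Extend it with the vendors actually installed.
WATCHED_SUFFIXES = (
    "windowsupdate.com", "update.microsoft.com", "windowsupdate.microsoft.com",
    "download.microsoft.com", "google.com", "malwarebytes.org", "eset.com",
    "safer-networking.org", "bleepingcomputer.com",
)

# Constructed sample in Windows hosts format: a hijacked file that also
# keeps a legitimate ad-blocking entry (RFC 5737 address used as the sink).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       ad.doubleclick.net   # blocking entry, harmless
203.0.113.10    www.google.com google.com
203.0.113.10    update.microsoft.com
203.0.113.10    windowsupdate.microsoft.com
203.0.113.10    www.malwarebytes.org
203.0.113.10    download.eset.com
"""


def parse_hosts(text):
    """Return (address, hostname, line_number) for every mapping in `text`."""
    entries = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()       # drop comments
        parts = line.split()
        if len(parts) < 2:                        # blank or malformed
            continue
        address, *names = parts                   # one address, many names
        entries.extend((address, n.lower(), number) for n in names)
    return entries


def is_local(address):
    """True for loopback or unspecified addresses, i.e. blocking entries."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def is_watched(hostname):
    """True if `hostname` is, or is under, one of WATCHED_SUFFIXES."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)


def find_redirects(text, min_sinkhole_names=3):
    """Report watched names sent to non-local addresses, plus sinkhole hints.

    A "sinkhole" is one non-local address that collects several hostnames,
    the shape a redirecting hijack usually takes even for unwatched names.
    """
    entries = parse_hosts(text)
    redirects = [(a, n, no) for a, n, no in entries
                 if is_watched(n) and not is_local(a)]
    by_target = {}
    for a, n, _ in entries:
        if not is_local(a):
            by_target.setdefault(a, set()).add(n)
    sinkholes = {a: sorted(names) for a, names in by_target.items()
                 if len(names) >= min_sinkhole_names}
    return {"entries": len(entries), "redirects": redirects,
            "sinkholes": sinkholes}


if __name__ == "__main__":
    report = find_redirects(SAMPLE_HOSTS)
    print(f"{report['entries']} mappings parsed")
    for address, name, number in report["redirects"]:
        print(f"line {number}: {name} -> {address}")
    for address, names in report["sinkholes"].items():
        print(f"sinkhole {address} collects {len(names)} names")
```

A very large hosts file made of 127.0.0.1 or 0.0.0.0 entries, as blocking lists are, produces no redirects; only mappings to other addresses are reported.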

#34 Seigetsu
  • Group: Members
  • Posts: 30
  • Joined: 29-June 09

Posted 02 July 2009 - 01:14 PM

1. Can't update

2. Hosts File:



3. tcpip.sys:

Volume in drive C has no label.
Volume Serial Number is 079B-54D2

Directory of c:\Windows\System32\drivers

31/01/2009 01:19 882,232 tcpip.sys
1 File(s) 882,232 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6

19/01/2008 09:43 891,448 tcpip.sys
1 File(s) 891,448 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1

26/04/2008 10:26 891,448 tcpip.sys
1 File(s) 891,448 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7

26/04/2008 10:08 891,448 tcpip.sys
1 File(s) 891,448 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a

07/10/2008 00:15 803,328 tcpip.sys
1 File(s) 803,328 bytes

Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20752_none_5ff4e4f9ab7777f4

07/10/2008 00:15 806,400 tcpip.sys
1 File(s) 806,400 bytes

Total Files Listed:
6 File(s) 5,166,304 bytes
0 Dir(s) 4,123,095,040 bytes free

Attached File(s)

  • Attached File: Host.txt (300.32K)
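The dir listing above shows the live driver differing in size and date from every copy in the component store, which is what the following reply's FCopy restores from. As an added example that is not part of the thread, this script parses that `dir /a /s` output and compares the System32\drivers copy with the winsxs copies of the running build (6.0.6001, taken from the MBAM log); the sample listing is constructed from the one posted, and picking the lowest-numbered copy of the running build as the restore source is an assumption, not a rule from the thread.

```python
"""Compare the live tcpip.sys with the copies Windows keeps in winsxs.

Added example (not from the forum thread). It parses the output of
    cmd /c dir /a /s "c:\\tcpip.sys"
as posted above and reports whether the System32\\drivers copy has the same
size as any component-store (winsxs) copy of the running build. A mismatch
is a triage signal, not proof of tampering.
"""
import re

# Constructed sample mirroring the listing posted in the thread.
SAMPLE_DIR_OUTPUT = r"""
 Volume in drive C has no label.
 Volume Serial Number is 079B-54D2

 Directory of c:\Windows\System32\drivers
31/01/2009  01:19           882,232 tcpip.sys
               1 File(s)        882,232 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6
19/01/2008  09:43           891,448 tcpip.sys
               1 File(s)        891,448 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1
26/04/2008  10:26           891,448 tcpip.sys
               1 File(s)        891,448 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7
26/04/2008  10:08           891,448 tcpip.sys
               1 File(s)        891,448 bytes

 Directory of c:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16627_none_5f90b964923d030a
07/10/2008  00:15           803,328 tcpip.sys
               1 File(s)        803,328 bytes

     Total Files Listed:
               5 File(s)      4,359,904 bytes
"""

DIR_HEADER = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
# dir's file row: "DD/MM/YYYY  HH:MM  <size, thousands-separated>  name".
# Directory rows carry "<DIR>" instead of a size and so do not match.
FILE_LINE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>\d[\d,]*)\s+(?P<name>\S.*?)\s*$")
# winsxs component directories embed the file version, e.g. "_6.0.6001.18000_none_".
WINSXS_BUILD = re.compile(r"_(?P<build>\d+\.\d+\.\d+\.\d+)_none_")


def parse_dir_listing(text):
    """Return one dict per file row, tagged with the directory it sits in."""
    entries, current_dir = [], None
    for line in text.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group("path")
            continue
        row = FILE_LINE.match(line)
        if row and current_dir is not None:
            entries.append({
                "dir": current_dir,
                "name": row.group("name"),
                "size": int(row.group("size").replace(",", "")),
                "stamp": f"{row.group('date')} {row.group('time')}",
            })
    return entries


def analyse_driver(entries, driver="tcpip.sys", os_build="6.0.6001"):
    """Compare the live copy of `driver` with the winsxs copies of `os_build`.

    Assumption (not a rule from the thread): the lowest-numbered winsxs copy
    of the running build is the original RTM/GDR file and the restore source.
    """
    name = driver.lower()
    live = next((e for e in entries if e["name"].lower() == name
                 and "\\system32\\drivers" in e["dir"].lower()), None)
    store = {}
    for e in entries:
        if e["name"].lower() == name and "\\winsxs\\" in e["dir"].lower():
            m = WINSXS_BUILD.search(e["dir"])
            if m:
                store[m.group("build")] = e
    same_size = sorted(b for b, e in store.items()
                       if live is not None and e["size"] == live["size"])
    candidates = sorted((b for b in store if b.startswith(os_build + ".")),
                        key=lambda b: [int(x) for x in b.split(".")])
    restore_from = None
    if candidates:
        src = store[candidates[0]]
        restore_from = src["dir"] + "\\" + src["name"]
    return {
        "live": live,
        "store_builds": sorted(store),
        "same_size_builds": same_size,
        "suspicious": live is not None and not same_size,
        "restore_from": restore_from,
    }
```

Run `analyse_driver(parse_dir_listing(SAMPLE_DIR_OUTPUT))` to get the report; on the sample it marks the live copy suspicious and names the 6.0.6001.18000 store copy as the restore source, the same file the FCopy below uses.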


#35 Farbar
  • Group: Malware Response Instructor
  • Posts: 17,810
  • Joined: 08-December 07
  • Gender: Male
  • Location: The Netherlands

Posted 02 July 2009 - 01:36 PM

  • Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    FCopy::
    c:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys | c:\Windows\System32\drivers\tcpip.sys


    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



  • If Combofix did not reboot please reboot and see if you still have the issue.


#36 Seigetsu
  • Group: Members
  • Posts: 30
  • Joined: 29-June 09

Posted 02 July 2009 - 01:52 PM

Still the problem.

ComboFix 09-07-01.04 - Serj 02/07/2009 20:43.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2112 [GMT 2:00]
Running from: c:\users\Condom song\Desktop\ComboFix.exe
Command switches used :: c:\users\Condom song\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\42ba80.msi
c:\windows\Installer\46d06.msi
c:\windows\Installer\6e487.msi
c:\windows\system32\mlfcache.dat

.
--------------- FCopy ---------------

c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys --> c:\windows\System32\drivers\tcpip.sys
.
((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 18:46 . 2009-07-02 18:46 -------- d-----w- c:\users\Condom song\AppData\Local\temp
2009-07-02 00:25 . 2009-07-02 00:25 -------- d-----w- c:\users\Condom song\AppData\Roaming\Malwarebytes
2009-07-02 00:25 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-02 00:25 . 2009-07-02 00:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-02 00:25 . 2009-07-02 00:25 -------- d-----w- c:\programdata\Malwarebytes
2009-07-02 00:25 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-01 20:57 . 2009-07-01 20:59 -------- d-----w- C:\Restoration
2009-07-01 17:55 . 2009-07-01 17:56 -------- d-----w- C:\rsit
2009-06-29 21:24 . 2009-06-29 21:24 -------- d-----w- c:\users\Condom song\AppData\Roaming\Mra
2009-06-29 18:41 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-29 18:41 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-29 18:40 . 2009-06-29 18:40 -------- d-----w- c:\program files\iPod
2009-06-29 18:40 . 2009-06-29 18:41 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-29 18:40 . 2009-06-29 18:41 -------- d-----w- c:\program files\iTunes
2009-06-29 18:38 . 2009-06-29 18:39 -------- d-----w- c:\program files\QuickTime
2009-06-29 18:29 . 2009-06-29 18:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-29 18:25 . 2009-06-29 18:25 -------- d-----w- c:\users\Condom song\AppData\Local\Apple
2009-06-29 18:24 . 2009-07-01 22:30 -------- d-----w- c:\users\Condom song\AppData\Local\Apple Computer
2009-06-29 18:01 . 2009-06-30 12:59 -------- d-----w- c:\users\Condom song\AppData\Local\Adobe
2009-06-29 17:40 . 2009-07-02 10:48 -------- d-----w- c:\program files\a-squared Free
2009-06-28 15:11 . 2009-07-01 19:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-28 15:11 . 2009-06-28 15:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-28 15:01 . 2009-06-30 08:45 -------- d-----w- c:\program files\SpywareBlaster
2009-06-27 01:38 . 2009-06-30 10:05 -------- d-----w- c:\program files\ICQ6.5
2009-06-16 21:37 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2009-06-16 21:37 . 2008-05-30 12:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2009-06-16 21:37 . 2008-05-30 12:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2009-06-16 21:37 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-06-16 21:37 . 2007-07-19 22:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2009-06-16 21:37 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-06-16 21:37 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-06-15 18:15 . 2009-06-15 18:15 286720 ------w- c:\windows\Setup1.exe
2009-06-15 18:15 . 2009-06-15 18:15 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-15 18:15 . 2009-06-15 18:15 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-02 20:50 . 2009-06-03 13:49 -------- d-----w- C:\[Programming]
2009-06-02 20:33 . 2009-06-02 20:33 -------- d-----w- c:\program files\Flash Decompiler Trillix
2009-06-02 20:27 . 2009-06-02 20:27 -------- d-----w- c:\users\Condom song\AppData\Roaming\KillProcess
2009-06-02 20:25 . 2009-06-02 20:25 -------- d-----w- c:\program files\Sun
2009-06-02 20:18 . 2009-06-02 20:18 4096 ----a-w- c:\windows\d3dx.dat
2009-06-02 20:16 . 2009-06-02 20:16 -------- d-----w- c:\users\Condom song\AppData\Local\{32A3A4F2-B792-11D6-A78A-00B0D0150060}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 18:05 . 2008-12-27 09:40 56544 ----a-w- c:\programdata\nvModes.dat
2009-07-02 17:57 . 2008-05-16 00:02 1660 ----a-w- c:\windows\bthservsdp.dat
2009-07-02 15:57 . 2008-10-05 11:20 -------- d-----w- c:\users\Condom song\AppData\Roaming\uTorrent
2009-07-01 22:30 . 2008-10-06 19:00 -------- d-----w- c:\users\Condom song\AppData\Roaming\Skype
2009-06-30 19:44 . 2008-10-06 19:01 -------- d-----w- c:\users\Condom song\AppData\Roaming\skypePM
2009-06-29 18:40 . 2008-10-06 17:51 -------- d-----w- c:\program files\Common Files\Apple
2009-06-25 14:54 . 2008-10-05 15:46 -------- d-----w- c:\program files\foobar2000
2009-06-18 11:51 . 2007-11-28 02:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 20:05 . 2008-10-05 11:26 -------- d-----w- c:\program files\ICQ6
2009-06-03 14:49 . 2008-10-27 10:51 -------- d-----w- c:\program files\Notepad++Portable
2009-06-02 20:24 . 2009-02-15 16:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-02 20:21 . 2007-11-28 04:00 -------- d-----w- c:\program files\Java
2009-05-27 22:53 . 2009-05-27 22:53 -------- d-----w- c:\users\Condom song\AppData\Roaming\Logitech
2009-05-27 22:51 . 2009-05-27 22:51 -------- d-----w- c:\programdata\LogiShrd
2009-05-27 22:51 . 2009-05-27 22:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-27 22:51 . 2009-05-27 22:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-27 22:51 . 2009-05-27 22:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-05-27 22:50 . 2009-05-27 22:48 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-27 22:49 . 2009-05-27 22:49 -------- d-----w- c:\programdata\Logitech
2009-05-27 22:48 . 2009-05-27 22:48 -------- d-----w- c:\program files\Logitech
2009-05-26 22:41 . 2008-05-16 00:27 -------- d-----w- c:\programdata\NVIDIA
2009-05-26 17:51 . 2009-02-06 16:49 -------- d-----w- c:\programdata\FLEXnet
2009-05-24 15:15 . 2009-05-24 15:15 -------- d-----w- c:\program files\VideoLAN
2009-05-16 09:35 . 2008-10-07 19:38 -------- d-----w- c:\programdata\Microsoft Help
2009-05-09 22:08 . 2009-05-09 22:08 -------- d-----w- c:\program files\Mail.Ru
2009-05-09 17:29 . 2008-10-06 17:54 -------- d-----w- c:\users\Condom song\AppData\Roaming\Apple Computer
2009-05-09 17:29 . 2009-05-09 17:28 -------- d-----w- c:\program files\Safari
2009-05-09 17:28 . 2009-05-09 17:03 -------- d-----w- c:\users\Condom song\AppData\Roaming\Orbit
2009-05-09 17:21 . 2009-05-09 17:13 -------- d-----w- c:\program files\WMR11
2009-05-06 12:23 . 2009-05-28 08:39 372736 ----a-w- c:\users\Condom song\AppData\Roaming\Mozilla\Firefox\Profiles\q6yjnhiw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-01_19.39.44 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"RtHDVCpl"=RtHDVCpl.exe
"MAgent"=c:\program files\Mail.Ru\Agent\MAgent.exe -LM
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiSpyWareDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4047481444-1457897285-824502694-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5139885B-F2ED-47BE-B98B-529FEFA65EEB}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{BD46FB37-8E85-4E4B-B7DA-7432B5BC76B8}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{942DD15C-35F7-4126-A94E-61A316D6C78F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{AB617F83-FC93-41A0-B08A-AA28561A14F1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{C56BF27E-E31F-4C18-B153-6223A34B5343}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7DC5FF7E-0A31-459D-A1D7-D84987841200}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{8C7480B7-AD70-4461-95C2-EE1A1C638161}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6EAB08AB-EE1D-45EB-AA75-94CEF155BAC2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{3D49576F-7945-42A0-90BE-7CE460A25456}"= UDP:5353:Adobe CSI CS4
"{B10A1883-F784-493B-89A3-A001AE2BEC22}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{931C915C-BB94-4A74-B15D-9064FBC5E802}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{9015CDAF-C06F-42E5-BACB-969031B4B1FD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{27EC97A6-86E8-4471-8C54-D279C4A14B20}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BBFEAB2D-86AD-404C-BE26-41068E33E3B5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [16/05/2008 02:19 39408]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 21:51 468224]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [02/07/2009 02:25 195856]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [28/06/2009 17:11 1153368]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [02/07/2009 02:25 19096]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28/01/2009 20:52 3668480]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [02/11/2006 10:32 9216]
S3 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [10/12/2008 01:10 24636]
S3 XAMPP;XAMPP Service;c:\xampp\service.exe [21/12/2007 04:01 60928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1246278035&rver=5.5.4177.0&wp=mbi&wreply=http:%2f%2fmail.live.com%2fmail%2finboxlight.aspx%3ffolderid%3d00000000-0000-0000-0000-000000000001%26inboxsortascending%3dfalse%26inboxsortby%3ddate%26n%3d1563220431&lc=2057&id=64855&mkt=en-gb
mStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1246278035&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FInboxLight.aspx%3FFolderID%3D00000000-0000-0000-0000-000000000001%26InboxSortAscending%3DFalse%26InboxSortBy%3DDate%26n%3D1563220431&lc=2057&id=64855&mkt=en-GB
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Condom song\AppData\Roaming\Mozilla\Firefox\Profiles\q6yjnhiw.default\
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\users\Condom song\AppData\Roaming\Mozilla\Firefox\Profiles\q6yjnhiw.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 20:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
@Allowed: (3) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"="TemDono FiX 1.2 (31 days remaining forever up to 2050)"
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"ProductBase"=dword:00000001
"ProductCode"="{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="3.0.684.0"
"UniqueId"="000A674A4956600A"
"ScannerBuild"=dword:00000ed0
"ScannerVersionId"=dword:00000de1
"ScannerVersion"=""
"FixId"=dword:00000002
"PackageTag"=dword:04ff9687

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-02 20:47
ComboFix-quarantined-files.txt 2009-07-02 18:47
ComboFix2.txt 2009-07-01 19:41

Pre-Run: 4,355,137,536 bytes free
Post-Run: 4,316,123,136 bytes free

449

#37 User is offline   Farbar 

Posted 02 July 2009 - 02:14 PM

Are you able to update ESET?
Did you try to update MBAM? If not, please do that.
Are you able to update other programs on the computer?

#38 User is offline   Seigetsu 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 30
  • Joined: 29-June 09

Posted 02 July 2009 - 04:21 PM

ESET I'm able to update, but MBAM no, and Spybot too; with programs that are not antivirus, antispyware and so on I think I don't have any problem. And to update Windows I still have the same problem. And to access some web pages of antivirus I have a problem too, for example the one of MBAM.

#39 User is offline   Farbar 

Posted 02 July 2009 - 05:11 PM

See if you can get to this page: https://www.opendns.com/start/computer/

#40 User is offline   Seigetsu 

Posted 02 July 2009 - 05:16 PM

Yes, I can enter it.

#41 User is offline   Seigetsu 

Posted 03 July 2009 - 02:16 AM

I made an account in OpenDNS and now everything works fine. I can connect to Windows Update, and update MBAM and Spybot.
But I still have this thing that got my computer, no?
I was reading about OpenDNS because I wanted to know more about it. Is it the Conficker worm that I have?
I'm installing all the updates of Windows but I'll wait for your answer to scan my system with antivirus, MBAM and so on, in case I have to do some more steps before finishing your work. Should I always use OpenDNS, or after I update everything am I able to work without it?

This post has been edited by Seigetsu: 03 July 2009 - 02:59 AM


#42 User is offline   Farbar 

Posted 03 July 2009 - 06:18 AM

Quote

Is it the Conficker worm that I have?

I couldn't see the first log of ComboFix or what was removed before we started. So without files or logs we can't say what it was/is. But it behaves like the DNS-Changer Trojan. The trojan either resets the DNS setting to a static trojan server or hijacks the router and changes the router's server to its own. That is why I wanted to check your router's settings in the first place.
Now the question is whether the malware is still on your computer or whether it has changed some registry setting that is still taking effect. I'm not sure.

Quote

Should I always use OpenDNS, or after I update everything am I able to work without it?

As long as you can't update Windows without it you'll need it.

Quote

I'm installing all the updates of Windows but I'll wait for your answer to scan my system with antivirus, MBAM and so on, in case I have to do some more steps before finishing your work.


It is not clear to me, though, what you mean. Did you install the Windows updates?
You may also run the updated MBAM, but I don't expect it to catch anything. If it does, post the log; otherwise there is no need to post the log.
When you are finished with what you are doing (updating, etc.) let me know.
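A defender's check for the two mechanisms described in the post above, added here as an example and not part of the thread or of any tool mentioned in it: it parses `ipconfig /all` output (a constructed sample is embedded), flags resolvers that are neither the adapter's default gateway nor on a trusted list, and distinguishes a static entry written on the host from one handed out by the router. The trusted list (OpenDNS plus whatever resolvers your ISP uses) and the sample addresses are assumptions.

```python
import re

# Added example, not from the thread: flag resolvers that are neither the
# adapter's default gateway nor trusted, and say which hijack mechanism fits.
# Assumption: add your ISP's resolvers to this set (OpenDNS is listed here).
TRUSTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# "   DNS Servers . . . : 192.168.1.1" -> key/value; wrapped values sit alone
# on a deeply indented line and are matched by CONT_RE
KEY_RE = re.compile(r"^\s{2,}([A-Za-z][A-Za-z0-9 /()-]*?)[ .]*\.[ .]*:\s?(.*)$")
CONT_RE = re.compile(r"^\s{20,}(\S.*)$")


def parse_ipconfig(text):
    """Parse `ipconfig /all` output into adapter dicts (IPv4 fields only)."""
    adapters, cur, key = [], None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            cur = {"name": line.rstrip()[:-1], "dhcp": False, "gw": [], "dns": []}
            adapters.append(cur)
            key = None
            continue
        if cur is None:  # preamble before the first adapter section
            continue
        m = KEY_RE.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
        else:
            m = CONT_RE.match(line)
            if not (m and key):
                continue
            value = m.group(1).strip()
        if key == "DHCP Enabled":
            cur["dhcp"] = value.lower().startswith("yes")
        elif key == "Default Gateway" and IPV4_RE.match(value):
            cur["gw"].append(value)
        elif key == "DNS Servers" and IPV4_RE.match(value):
            cur["dns"].append(value)
    return adapters


def audit_dns(text, trusted=TRUSTED_RESOLVERS):
    """Return (adapter, resolver, mechanism) for each untrusted resolver:
    'host-static' when DHCP is off (entry written on the host itself),
    'dhcp-assigned' when the router handed it out (check the router)."""
    findings = []
    for a in parse_ipconfig(text):
        allowed = set(trusted) | set(a["gw"])
        for server in a["dns"]:
            if server not in allowed:
                how = "dhcp-assigned" if a["dhcp"] else "host-static"
                findings.append((a["name"], server, how))
    return findings


# Constructed sample; 203.0.113.53 and 198.51.100.2 are RFC 5737 documentation
# addresses standing in for resolvers the host should not be using.
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : No
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 10.0.0.1
                                       198.51.100.2
"""
```

A 'dhcp-assigned' finding means the host itself looks clean but the router's DNS settings need checking, which is the router angle raised earlier in the thread.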

#43 User is offline   Seigetsu 

Posted 03 July 2009 - 12:03 PM

I installed the updates of Windows, ran the Microsoft Windows Malicious Software Removal Tool and there was nothing in the quick scan. Updated MBAM and got nothing. I'm running McAfee Stinger and it seems to find nothing, and maybe I'll run the Kaspersky online one.
But on the whole it seems they find nothing. I updated everything.

#44 User is offline   Farbar 

Posted 03 July 2009 - 12:18 PM

The Kaspersky Online Scanner you can do later on.

I would like to scan the system for unknown rootkits and, in the next round, check the whole system with another scanner. That is, if you want to do that. I'm not sure we are going to find anything, but at least we can try. It is entirely up to you, and if you find it unnecessary we will round off. If you decide to do it, please proceed; otherwise tell me.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Temporarily disable any real-time active protection so your security program's drivers will not conflict with GMER's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Disconnect from the Internet and close all running programs.
  • Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click NO.
  • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
    • Sections
    • IAT/EAT
    • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
    • Show All (don't miss this one, this should not be checked)

  • Then click the Scan button and wait for it to begin. (Please be patient, as it can take some time to complete.)
  • When the scan is finished, you will see the Scan button appear again. Click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.


#45 User is offline   Seigetsu 

Posted 03 July 2009 - 02:22 PM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-03 21:22:01
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

INT 0x51 ? 86D16F00
INT 0x52 ? 86D16F00
INT 0x72 ? 86D16F00
INT 0x72 ? 86D16F00
INT 0x82 ? 85529BF8
INT 0x92 ? 84769BF8
INT 0xA2 ? 84769BF8
INT 0xB3 ? 86D16F00

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8552C1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8476B1F8
Device \Driver\usbuhci \Device\USBPDO-0 86C4A1F8
Device \Driver\usbuhci \Device\USBPDO-1 86C4A1F8
Device \Driver\usbehci \Device\USBPDO-2 86C4B1F8
Device \Driver\usbuhci \Device\USBPDO-3 86C4A1F8
Device \Driver\usbuhci \Device\USBPDO-4 86C4A1F8

AttachedDevice \Driver\tdx \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBPDO-5 86C4A1F8
Device \Driver\usbehci \Device\USBPDO-6 86C4B1F8
Device \Driver\volmgr \Device\HarddiskVolume1 8476B1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8476B1F8
Device \Driver\cdrom \Device\CdRom0 86E891F8
Device \Driver\netbt \Device\NetBT_Tcpip_{2E1594B1-4450-4C91-80EF-ED300B192C49} 885CB500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8552A1F8
Device \Driver\atapi \Device\Ide\IdePort0 8552A1F8
Device \Driver\atapi \Device\Ide\IdePort1 8552A1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 885CB500
Device \Driver\Smb \Device\NetbiosSmb 885BF1F8
Device \Driver\iScsiPrt \Device\RaidPort0 8705E1F8

AttachedDevice \Driver\tdx \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\tdx \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBFDO-0 86C4A1F8
Device \Driver\usbuhci \Device\USBFDO-1 86C4A1F8
Device \Driver\usbehci \Device\USBFDO-2 86C4B1F8
Device \Driver\usbuhci \Device\USBFDO-3 86C4A1F8
Device \Driver\usbuhci \Device\USBFDO-4 86C4A1F8
Device \Driver\usbuhci \Device\USBFDO-5 86C4A1F8
Device \Driver\usbehci \Device\USBFDO-6 86C4B1F8
Device \FileSystem\cdfs \Cdfs 8A0FE1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218608c137
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218608c137@001247925607 0x8B 0x2E 0x16 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00218608c137@00192d183e2a 0xB9 0x86 0xB0 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2A 0x3F 0xF1 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00218608c137
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00218608c137@001247925607 0x8B 0x2E 0x16 0x31 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00218608c137@00192d183e2a 0xB9 0x86 0xB0 0xAB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x2A 0x3F 0xF1 0x71 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Condom song\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\557K7R77\carldekeyzer.com.\home.swf 0 bytes
File C:\Users\Condom song\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\557K7R77\carldekeyzer.com.\home.swf\cdk.sol 43 bytes
File C:\Users\Condom song\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#carldekeyzer.com.\settings.sol 87 bytes
File C:\Users\Condom song\Desktop\Downloads\[Telecommunications]\[Programming]\[Tutorials]\Certifications\Curso Certificacion Java\Fase II\Fase 2 Objetivos de Certificación\Section 1 Declaration, Initialization and scope\Examenes y Respuestas Dia 1 y 2, Section 1\Test1 Secion1(Day 1).doc 221696 bytes
File C:\Users\Condom song\Desktop\Downloads\[Telecommunications]\[Programming]\[Tutorials]\Certifications\Curso Certificacion Java\Fase II\Fase 2 Objetivos de Certificación\Section 1 Declaration, Initialization and scope\Examenes y Respuestas Dia 1 y 2, Section 1\Test2 Section2(Day2).doc 219648 bytes

---- EOF - GMER 1.0.15 ----
