8 replies to this topic

#1 D.rosado
Posted 11 July 2008 - 05:33 PM

Hi, I am running Windows Vista. Windows Defender and Norton told me I have these trojans:
Trojan:win32/vundo.gen!R
Backdoor.Trojan
Trojan:Zlob
Trojan:Vundo

Here are the two DSS logs, and I also have ComboFix if needed.

Deckard's System Scanner v20071014.68
Run by Elizabeth on 2008-07-11 18:27:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
13: 2008-07-11 21:51:28 UTC - RP104 - ComboFix created restore point
12: 2008-07-11 21:21:47 UTC - RP103 - Windows Defender Checkpoint
11: 2008-07-11 04:00:05 UTC - RP101 - Scheduled Checkpoint
10: 2008-07-10 13:49:54 UTC - RP100 - Installed USB Disk Win98 Driver
9: 2008-07-10 13:33:03 UTC - RP98 - Installed USB Disk Win98 Driver


-- First Restore Point --
1: 2008-07-07 04:13:26 UTC - RP87 - Windows Update


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-11 18:30:25
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\System32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\wpcumi.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Elizabeth\Desktop\dss.exe
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\System32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [FlyMonitor] "C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\System32\wpclsp.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\System32\wpclsp.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\System32\drivers\XAudio.exe


--
End of file - 14907 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js - jsfile - DefaultIcon - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe",7
.js - jsfile - shell\open\command - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 TSHWMDTCP - \??\c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 DQLWinService - "c:\program files\common files\intel\inteldh\nms\adpplugins\dqlwinservice.exe" <Not Verified; ; DQLWinSe Application>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 IntelDHSvcConf (Intel DH Service) - "c:\program files\intel\inteldh\intel media server\tools\inteldhsvcconf.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>
S3 AlertService (Intel® Alert Service) - "c:\program files\intel\inteldh\ccu\alertservice.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 ISSM (Intel® Software Services Manager) - "c:\program files\intel\inteldh\intel media server\media server\bin\issm.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>
S3 M1 Server (Intel® Viiv™ Media Server) - c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe
S3 MCLServiceATL (Intel® Application Tracker) - "c:\program files\intel\inteldh\intel media server\shells\mclserviceatl.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>
S3 Remote UI Service (Intel® Remoting Service) - "c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe" <Not Verified; Intel® Corporation; Intel® Viiv™ Software>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-11 18:29:59 414 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{77CB9F68-5ECA-490C-8813-BDB495CA5F08}.job
2008-07-11 09:16:30 426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{89EB5536-BAD8-4D03-8F5B-2BB816ED180B}.job


-- Files created between 2008-06-11 and 2008-07-11 -----------------------------

2008-07-11 17:50:16 68096 --a------ C:\Windows\zip.exe
2008-07-11 17:50:16 49152 --a------ C:\Windows\VFind.exe
2008-07-11 17:50:16 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-11 17:50:16 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-11 17:50:16 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-11 17:50:16 98816 --a------ C:\Windows\sed.exe
2008-07-11 17:50:16 80412 --a------ C:\Windows\grep.exe
2008-07-11 17:50:16 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-11 17:20:23 0 d-------- C:\Program Files\Rollercoaster Rush
2008-07-11 16:06:57 0 d-------- C:\Users\All Users\Office Genuine Advantage
2008-07-10 17:23:06 0 d-------- C:\Program Files\Panda Security
2008-07-10 09:33:32 0 d-------- C:\Program Files\USB Disk Win98 Driver
2008-07-09 18:38:44 0 d-------- C:\Program Files\MP3 Player Utilities
2008-07-09 18:37:39 0 d-------- C:\Users\Elizabeth\{d2e55fab-88ac-49fa-8f40-ed0e1ffd5678}
2008-07-09 15:13:55 3816 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-07-09 15:13:55 88 -r-hs---- C:\Windows\system32\EAEF7F1997.sys
2008-07-09 15:13:03 0 d-------- C:\Users\All Users\Corel
2008-07-09 15:08:08 0 d-------- C:\Program Files\Corel
2008-07-09 15:08:08 0 d-------- C:\Program Files\Common Files\Corel
2008-07-08 17:12:57 0 d-------- C:\Program Files\CCleaner
2008-07-07 15:46:29 90112 --a------ C:\Windows\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-07-07 15:45:39 0 d-------- C:\Program Files\The Rosetta Stone
2008-07-07 15:10:50 0 d-------- C:\Program Files\MagicISO
2008-07-05 19:14:39 32768 --a------ C:\Windows\system32\FrogASPI.DLL <Not Verified; Frog ASPI / Millenod; frogaspi.dll>
2008-07-05 19:14:37 86016 --a------ C:\Windows\system32\WNASPINT.DLL <Not Verified; NexiTech, Inc.; NexiTech ASPI for Win32>
2008-07-05 19:14:07 0 d-------- C:\Program Files\CDRWIN
2008-07-05 17:43:25 0 d-------- C:\Program Files\uTorrent
2008-07-05 16:59:24 0 d-------- C:\Program Files\Essentials Codec Pack
2008-07-05 16:56:22 14909 --a------ C:\Windows\system32\A_reg.reg
2008-07-05 16:56:21 348160 --a------ C:\Windows\system32\cdga.dll <Not Verified; ; Cucusoft Audio Transparent Filter>
2008-07-05 16:56:21 364544 --a------ C:\Windows\system32\cdg.dll <Not Verified; Cucusoft Inc.; Cucusoft>
2008-07-05 16:47:30 0 d-------- C:\ConverterOutput
2008-07-05 16:47:20 34820 --a------ C:\Windows\system32\ffdshow.reg
2008-07-05 16:47:19 262144 --a------ C:\Windows\system32\TomsMoComp_ff.dll
2008-07-05 16:47:19 395776 --a------ C:\Windows\system32\libmplayer.dll
2008-07-05 16:47:19 112640 --a------ C:\Windows\system32\libmpeg2_ff.dll
2008-07-05 16:47:19 2255360 --a------ C:\Windows\system32\libavcodec.dll
2008-07-05 16:47:17 0 d-------- C:\Program Files\Cucusoft
2008-07-05 16:45:40 0 d-------- C:\Users\All Users\TEMP
2008-07-05 16:44:42 0 d-------- C:\Program Files\Blaze Media Pro
2008-07-05 16:37:42 0 d-------- C:\Program Files\WinAVIVideoConverter
2008-07-05 16:31:40 0 d-------- C:\Program Files\WinAVI Video Converter
2008-07-05 16:27:50 0 d-------- C:\Program Files\Boilsoft AVI Converter
2008-07-02 11:17:51 0 d-------- C:\Users\All Users\Roxio
2008-07-02 11:12:50 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-07-02 11:12:46 0 d-------- C:\Program Files\Research In Motion
2008-06-28 10:35:40 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-28 10:31:31 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-06-27 17:30:59 0 d-------- C:\Users\All Users\Nero
2008-06-27 17:30:59 0 d-------- C:\Program Files\Nero
2008-06-27 17:30:59 0 d-------- C:\Program Files\Common Files\Nero
2008-06-27 17:10:50 0 d-------- C:\Program Files\CDRWIN 6
2008-06-27 13:38:22 0 d-------- C:\Program Files\BitComet
2008-06-27 08:04:48 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-27 08:04:42 0 d-------- C:\Program Files\DivX
2008-06-27 07:58:13 765952 --a------ C:\Windows\system32\xvidcore.dll
2008-06-27 07:58:12 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-06-27 07:58:12 0 d-------- C:\Program Files\Xvid
2008-06-26 12:29:39 50 --a------ C:\Windows\system32\BRIDF04A.dat
2008-06-26 12:27:27 53760 --a------ C:\Windows\system32\brinsstr.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2008-06-26 12:25:43 126976 --------- C:\Windows\system32\BrfxD05a.dll <Not Verified; Brother Industries,LTD; Brother PC-FAX DIAL Dynamic Link Library>
2008-06-26 12:25:43 0 --a------ C:\Windows\brdfxspd.dat
2008-06-26 12:25:42 163840 --------- C:\Windows\system32\NSSearch.dll <Not Verified; brother; brother NSSearch>
2008-06-26 12:25:42 106496 --------- C:\Windows\system32\BrMuSNMP.dll
2008-06-26 12:25:41 61440 --------- C:\Windows\system32\BrMfNt.dll <Not Verified; Brother Industries,LTD.; Brother BrMfNt>
2008-06-26 12:25:41 147456 --------- C:\Windows\brunin03.dll <Not Verified; Brother Industries,Ltd.; Brother MFL-Pro>
2008-06-26 12:25:41 0 d-------- C:\Program Files\Brother
2008-06-26 12:09:20 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-06-26 12:09:14 0 d-------- C:\Users\All Users\ScanSoft
2008-06-26 12:09:14 0 d-------- C:\Program Files\ScanSoft
2008-06-26 12:07:50 0 d-------- C:\Users\All Users\Brother
2008-06-25 21:55:47 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-06-20 09:55:03 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-20 09:30:51 1528 --a------ C:\Windows\system32\ealregsnapshot1.reg
2008-06-16 15:12:43 0 d-------- C:\Users\All Users\FLEXnet
2008-06-16 14:53:44 0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-07-11 17:36:43 0 dr------- C:\Users\Elizabeth\AppData\Roaming\Brother
2008-07-11 17:20:38 0 d-------- C:\Users\Elizabeth\AppData\Roaming\uTorrent
2008-07-11 17:01:21 0 d-------- C:\Users\Elizabeth\AppData\Roaming\LimeWire
2008-07-10 09:33:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-09 15:13:56 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Corel
2008-07-09 15:08:08 0 d-------- C:\Program Files\Common Files
2008-07-09 03:15:06 174 --ahs---- C:\Program Files\desktop.ini
2008-07-09 03:03:39 0 d-------- C:\Program Files\Windows Mail
2008-07-07 09:34:30 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Adobe
2008-07-05 17:01:03 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Media Player Classic
2008-07-05 16:44:26 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Roxio
2008-07-03 11:49:38 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Research In Motion
2008-07-02 11:22:17 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-07-02 11:21:46 0 d-------- C:\Program Files\Roxio
2008-07-02 11:19:12 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-06-29 20:14:09 0 d-------- C:\Users\Elizabeth\AppData\Roaming\DivX
2008-06-28 11:05:05 0 d-------- C:\Program Files\EA GAMES
2008-06-28 10:31:02 0 d-------- C:\Users\Elizabeth\AppData\Roaming\DAEMON Tools
2008-06-27 17:34:42 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Nero
2008-06-27 17:09:58 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 16:43:32 0 d-------- C:\Users\Elizabeth\AppData\Roaming\WinRAR
2008-06-27 11:55:45 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Elluminate
2008-06-26 12:25:19 0 d-------- C:\Users\Elizabeth\AppData\Roaming\InstallShield
2008-06-26 12:10:19 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-17 15:41:06 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Mozilla
2008-06-16 15:20:06 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-16 15:05:51 0 d-------- C:\Users\Elizabeth\AppData\Roaming\App Launcher Gadget
2008-06-15 00:24:24 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-14 23:22:27 0 d-------- C:\Program Files\Norton Internet Security
2008-06-14 23:14:36 0 d-------- C:\Program Files\Symantec
2008-06-14 13:11:18 0 dr-h----- C:\Users\Elizabeth\AppData\Roaming\SecuROM
2008-06-09 17:13:22 0 d-------- C:\Program Files\Apple Software Update
2008-06-03 18:30:59 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Macromedia
2008-06-03 18:27:44 0 d-------- C:\Program Files\Common Files\Macromedia
2008-06-03 18:23:59 0 d-------- C:\Program Files\Macromedia
2008-06-02 16:29:46 0 d-------- C:\Program Files\Electronic Arts
2008-05-31 12:44:53 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Apple Computer
2008-05-31 12:44:32 0 d-------- C:\Program Files\iTunes
2008-05-31 12:44:27 0 d-------- C:\Program Files\iPod
2008-05-31 12:43:00 0 d-------- C:\Program Files\Bonjour
2008-05-31 12:42:46 0 d-------- C:\Program Files\QuickTime
2008-05-31 12:38:48 0 d-------- C:\Program Files\Common Files\Apple
2008-05-30 19:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 20:05:36 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Google
2008-05-28 06:09:12 0 d-------- C:\Program Files\Google
2008-05-27 19:16:44 61440 --a------ C:\Windows\system32\NormalizeDSP.dll
2008-05-26 18:56:10 0 d-------- C:\Program Files\LimeWire
2008-05-26 18:49:55 0 d-------- C:\Program Files\Ares
2008-05-25 14:34:55 0 d-------- C:\Users\Elizabeth\AppData\Roaming\AdobeUM
2008-05-25 14:30:33 0 d-------- C:\Program Files\DIFX
2008-05-25 14:27:29 0 d-------- C:\Program Files\LeapFrog
2008-05-25 12:27:17 0 d-------- C:\Program Files\Java
2008-05-25 12:25:32 0 d-------- C:\Program Files\Common Files\Java
2008-05-23 09:12:58 323584 --a------ C:\Windows\system32\AudioGenie2.dll <Not Verified; Stefan Toengi; audiogenie Module>
2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-19 06:59:07 0 d-------- C:\Program Files\Windows Calendar
2008-05-19 06:59:04 0 d-------- C:\Program Files\Windows Defender
2008-05-19 06:58:59 0 d-------- C:\Program Files\Windows Sidebar
2008-05-19 06:23:37 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-19 06:05:59 0 d-------- C:\Program Files\MSXML 4.0
2008-05-18 20:34:15 0 d-------- C:\Program Files\Microsoft Works
2008-05-18 20:33:28 0 d-------- C:\Program Files\Microsoft.NET
2008-05-18 20:27:06 0 d-------- C:\Users\Elizabeth\AppData\Roaming\GetRightToGo
2008-05-18 20:03:32 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Template
2008-05-18 20:03:31 0 --a------ C:\Users\Elizabeth\AppData\Roaming\wklnhst.dat
2008-05-18 19:27:44 0 d-------- C:\Users\Elizabeth\AppData\Roaming\acccore
2008-05-16 17:39:22 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Talkback
2008-05-16 17:38:51 0 --a------ C:\Windows\nsreg.dat
2008-05-16 17:31:14 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-16 13:23:42 0 d-------- C:\Program Files\AIM6
2008-05-16 13:22:40 0 d-------- C:\Program Files\Viewpoint
2008-05-16 13:22:12 0 d-------- C:\Program Files\Common Files\AOL
2008-05-16 13:19:00 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Hewlett-Packard
2008-05-16 13:18:43 0 d-------- C:\Users\Elizabeth\AppData\Roaming\MSNInstaller
2008-05-16 13:17:35 0 d-------- C:\Users\Elizabeth\AppData\Roaming\Identities
2008-04-16 18:14:02 233472 --a------ C:\Windows\system32\viscomdvdimg.dll <Not Verified; Viscom Software www.viscomsoft.com; viscomdvdimg.dll>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [09/28/2006 09:42 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [09/29/2006 04:39 PM]
"RtHDVCpl"="RtHDVCpl.exe" [11/09/2006 06:57 AM C:\WINDOWS\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/17/2005 03:11 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/24/2006 05:08 PM]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [10/26/2006 07:18 PM]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [11/02/2006 08:35 AM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [03/25/2008 08:07 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [03/25/2008 08:07 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [03/25/2008 08:07 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 07:28 AM]
"FlyMonitor"="C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [11/15/2007 05:32 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 02:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 03:04 PM]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [03/08/2007 02:00 PM]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [07/19/2006 02:51 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [08/16/2007 08:56 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [04/08/2007 12:44 PM]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [09/14/2005 08:44 PM]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [08/28/2007 12:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [05/19/2008 06:10 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"ares"="C:\Program Files\Ares\Ares.exe" [02/20/2008 10:33 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [05/26/2008 07:00 PM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [03/25/2008 04:21 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe

C:\Users\Elizabeth\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [11/12/2007 2:22:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"=2 (0x2)
"DontDisplayLogonHoursWarnings"=1 (0x1)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{461ecee2-236a-11dd-8e02-001a920d03c3}]
AutoRun\command- K:\LaunchU3.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PAVBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-11 18:31:35 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 2037.88 MiB / 994.32 MiB
Pagefile Memory (total/avail): 4292.92 MiB / 3169.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1912.79 MiB

C: is Fixed (NTFS) - 226.73 GiB total, 142.76 GiB free.
D: is Fixed (NTFS) - 6.15 GiB total, 0.88 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JS-60NCB1 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 226.73 GiB - C:
\PARTITION1 - Installable File System - 6.15 GiB - D:

\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation) Disabled
AV: Norton Internet Security v2007 (Symantec Corporation) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Elizabeth\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ELIZABETH-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Elizabeth
LOCALAPPDATA=C:\Users\Elizabeth\AppData\Local
LOGONSERVER=\\ELIZABETH-PC
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Presario
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ELIZAB~1\AppData\Local\Temp
TMP=C:\Users\ELIZAB~1\AppData\Local\Temp
USERDOMAIN=Elizabeth-PC
USERNAME=Elizabeth
USERPROFILE=C:\Users\Elizabeth
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

IUSR_NMPR (new local, net ready)
Elizabeth
Poodle Puff
Liz


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
--> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
--> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
--> "C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
--> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
--> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
--> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
--> "C:\Program Files\HP Games\FATE\Uninstall.exe"
--> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
--> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
--> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
--> "C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
--> "C:\Program Files\HP Games\Mahjong Journey of Enlightenment\Uninstall.exe"
--> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
--> "C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
--> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
--> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
--> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
--> "C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
--> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
--> "C:\Program Files\HP Games\The Apprentice\Uninstall.exe"
--> "C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
--> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
--> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
--> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Users\Elizabeth\AppData\Local\{71502C40-CE33-4AB6-9416-0A620783FB71}\setup_blazemp.exe
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
--> MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
--> MsiExec.exe /I{3BF1390E-9EAE-4C2A-B30C-3992233FBCBA}
--> MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
--> MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
--> MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\7d27d533949941418d33ba1f052e783\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F347B7CC-F3F5-4464-8FB2-CC3CB42CC59E}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> C:\Program Files\Common Files\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Setup --> MsiExec.exe /I{09885750-A6D7-4536-B7CA-E61AD7DFE5AB}
Adobe Setup --> MsiExec.exe /I{C92A5A89-B218-46F7-8898-77C52113FFE0}
Adobe Shockwave Player --> C:\WINDOWS\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOCKW~1\Install.log
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
BitComet 1.02 --> C:\Program Files\BitComet\uninst.exe
BlackBerry Desktop Software 4.3 --> MsiExec.exe /i{3AE87269-BD57-4A58-B13D-FC67664BCFB8}
BlackBerry Desktop Software 4.3 --> MsiExec.exe /I{3AE87269-BD57-4A58-B13D-FC67664BCFB8}
Blaze Media Pro --> "C:\Users\Elizabeth\AppData\Local\{71502C40-CE33-4AB6-9416-0A620783FB71}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Boilosft AVI to VCD SVCD DVD Converter 3.61 --> "C:\Program Files\Boilsoft AVI Converter\unins000.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother MFL-Pro Suite --> "C:\Program Files\InstallShield Installation Information\{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDRWIN --> C:\PROGRA~1\CDRWIN\UNWISE.EXE C:\PROGRA~1\CDRWIN\INSTALL.LOG
CDRWIN 6.1 --> MsiExec.exe /I{C8310658-4019-4934-A7AC-AD1E35EDD8F5}
Compaq Connections (remove only) --> C:\Windows\HPCPCUninstall-3572475\HPBWSetup.exe -appid 3572475 -uninstall
Corel Paint Shop Pro Photo X2 --> MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Cucusoft Ultimate DVD + Video Converter Suite 7.5.7.3 --> "C:\Program Files\Cucusoft\Ultimate-Converter\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
EA Download Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
FLY World --> C:\Windows\system32\msiexec.exe /i {5D946D0D-9437-4E15-AC1F-F9BCF0B32561}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Total Care Advisor --> MsiExec.exe /X{0373779B-A362-4B2E-B8E9-7442F19F9394}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
Intel® Viiv™ Software --> MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Magic ISO Maker v5.4 (build 0239) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities --> MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_1_0_26\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Media Manager --> MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
The Rosetta Stone --> C:\Windows\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
The Sims 2 Family Fun Stuff --> C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff --> C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims™ 2 Double Deluxe --> C:\Program Files\EA GAMES\The Sims 2 Double Deluxe\EAUninstall.exe
Update for Office 2007 (KB934391) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
USB Disk Win98 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WinAVI Video Converter --> "C:\Program Files\WinAVI Video Converter\unins000.exe"
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6) --> C:\PROGRA~1\DIFX\5BE688ACC8BC158E\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\flyusb.inf_99c52c59\flyusb.inf
Windows Essentials Media Codec Pack 1.0 --> C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Toolbar for Internet Explorer --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5542 / Success
Event Submitted/Written: 07/11/2008 06:04:32 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type5541 / Success
Event Submitted/Written: 07/11/2008 06:04:19 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type5522 / Success
Event Submitted/Written: 07/11/2008 06:03:53 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type5498 / Warning
Event Submitted/Written: 07/11/2008 06:01:17 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3915680421-3567616749-366080696-1001_Classes:
Process 964 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3915680421-3567616749-366080696-1001_CLASSES

Event Record #/Type5497 / Warning
Event Submitted/Written: 07/11/2008 06:01:17 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-3915680421-3567616749-366080696-1001:
Process 5692 (\Device\HarddiskVolume1\WINDOWS\System32\WerFault.exe) has opened key \REGISTRY\USER\S-1-5-21-3915680421-3567616749-366080696-1001
Process 964 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3915680421-3567616749-366080696-1001
Process 5692 (\Device\HarddiskVolume1\WINDOWS\System32\WerFault.exe) has opened key \REGISTRY\USER\S-1-5-21-3915680421-3567616749-366080696-1001\Software\Microsoft\Windows\CurrentVersion\Explorer



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type92558 / Warning
Event Submitted/Written: 07/11/2008 06:08:06 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type92540 / Error
Event Submitted/Written: 07/11/2008 06:04:34 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
vkquwexg

Event Record #/Type92534 / Error
Event Submitted/Written: 07/11/2008 06:04:34 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
BrSplService0

Event Record #/Type92489 / Error
Event Submitted/Written: 07/11/2008 06:04:34 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058

Event Record #/Type92430 / Warning
Event Submitted/Written: 07/11/2008 06:01:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Elizabeth-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Elizabeth-PC27 can't undo changes that you allow.

For more information please see the following:
%Elizabeth-PC275

Scan ID: {4EC686C2-F3D1-4779-9B2D-37F2D03DAF5D}

User: Elizabeth-PC\Elizabeth

Name: %Elizabeth-PC271

ID: %Elizabeth-PC272

Severity ID: %Elizabeth-PC273

Category ID: %Elizabeth-PC274

Path Found: %Elizabeth-PC276

Alert Type: %Elizabeth-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-07-11 18:31:35 ------------


#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario
  • Local time:05:50 AM

Posted 14 July 2008 - 06:25 PM

Hi & welcome,

Sorry for delay.
Some of the helpers are not familiar enough with Vista yet to reply, so Vista gets skipped over by some -- so Vista logs sometimes take longer to get a response.
Some people have been waiting 2 weeks.

You still getting warnings from Norton & Defender about the above said infections?
If so, where? Can you provide the Norton/Defender details please?

ComboFix backs up files it deletes in c:\qoobox\quarantine.
If Norton is jumping on those -- no need to worry.
However -- don't delete that folder yet till I see ComboFix log.
Windows will also have backed up baddies in System Restore.
Those files can't hurt you at this time.
However -- don't purge system restore yet please.
I want that safety net while we work.

Any other weirdness going on?

Yes. If you still have the ComboFix log please post it.

Thanks
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware Posted Image

#3 D.rosado
  • Topic Starter
  • Members
  • 8 posts

Posted 14 July 2008 - 08:34 PM

Windows Defender and Norton have been calm for the past few days. Here is the ComboFix log:


ComboFix 08-07-11.1 - Elizabeth 2008-07-11 17:52:38.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1010 [GMT -4:00]
Running from: C:\Users\Elizabeth\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\iifcYRii.dll
C:\Windows\system32\wvUoNGXO.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 21:36 --------- d-----r C:\Users\Elizabeth\AppData\Roaming\Brother
2008-07-11 21:20 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\uTorrent
2008-07-11 21:20 --------- d-----w C:\Program Files\Rollercoaster Rush
2008-07-11 21:01 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\LimeWire
2008-07-11 20:06 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-07-10 21:53 3,816 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-07-10 21:23 --------- d-----w C:\Program Files\Panda Security
2008-07-10 13:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-10 13:33 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2008-07-09 22:38 --------- d-----w C:\Program Files\MP3 Player Utilities
2008-07-09 19:13 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\Corel
2008-07-09 19:13 --------- d-----w C:\ProgramData\Corel
2008-07-09 19:10 --------- d-----w C:\Program Files\Common Files\Corel
2008-07-09 19:08 --------- d-----w C:\Program Files\Corel
2008-07-09 07:15 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 07:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-09 07:03 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 21:19 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-08 21:12 --------- d-----w C:\Program Files\CCleaner
2008-07-08 16:57 --------- d-----w C:\ProgramData\Symantec
2008-07-07 19:46 --------- d-----w C:\Program Files\The Rosetta Stone
2008-07-07 19:11 --------- d-----w C:\Program Files\MagicISO
2008-07-05 23:14 --------- d-----w C:\Program Files\CDRWIN
2008-07-05 21:43 --------- d-----w C:\Program Files\uTorrent
2008-07-05 21:01 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\Media Player Classic
2008-07-05 20:59 --------- d-----w C:\Program Files\Essentials Codec Pack
2008-07-05 20:56 --------- d-----w C:\Program Files\Cucusoft
2008-07-05 20:45 --------- d-----w C:\ProgramData\TEMP
2008-07-05 20:45 --------- d-----w C:\Program Files\Blaze Media Pro
2008-07-05 20:44 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\Roxio
2008-07-05 20:37 --------- d-----w C:\Program Files\WinAVIVideoConverter
2008-07-05 20:31 --------- d-----w C:\Program Files\WinAVI Video Converter
2008-07-05 20:27 --------- d-----w C:\Program Files\Boilsoft AVI Converter
2008-07-05 20:03 --------- d-----w C:\Program Files\Common Files\Nero
2008-07-05 20:00 --------- d-----w C:\ProgramData\Nero
2008-07-03 15:49 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\Research In Motion
2008-07-03 07:17 --------- d-----w C:\ProgramData\Roxio
2008-07-02 15:22 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-07-02 15:22 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-07-02 15:21 --------- d-----w C:\ProgramData\Sonic
2008-07-02 15:21 --------- d-----w C:\Program Files\Roxio
2008-07-02 15:19 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-07-02 15:13 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-07-02 15:12 --------- d-----w C:\Program Files\Research In Motion
2008-06-30 00:14 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\DivX
2008-06-28 20:10 --------- d-----w C:\Users\Liz\AppData\Roaming\Nero
2008-06-28 15:05 --------- d-----w C:\Program Files\EA GAMES
2008-06-28 14:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-06-28 14:31 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-06-28 14:31 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\DAEMON Tools
2008-06-27 21:34 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\Nero
2008-06-27 21:30 --------- d-----w C:\Program Files\Nero
2008-06-27 21:10 --------- d-----w C:\Program Files\CDRWIN 6
2008-06-27 21:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 17:38 --------- d-----w C:\Program Files\BitComet
2008-06-27 15:55 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\Elluminate
2008-06-27 12:04 --------- d-----w C:\Program Files\DivX
2008-06-27 11:58 --------- d-----w C:\Program Files\Xvid
2008-06-26 16:27 --------- d-----w C:\Program Files\Brother
2008-06-26 16:25 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\InstallShield
2008-06-26 16:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-26 16:09 --------- d-----w C:\ProgramData\ScanSoft
2008-06-26 16:09 --------- d-----w C:\Program Files\ScanSoft
2008-06-26 16:09 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2008-06-26 16:07 --------- d-----w C:\ProgramData\Brother
2008-06-26 01:55 --------- d-----w C:\Program Files\Common Files\EasyInfo
2008-06-20 13:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-20 13:30 1,528 ----a-w C:\Windows\System32\ealregsnapshot1.reg
2008-06-19 21:24 28,544 ----a-w C:\Windows\system32\drivers\pavboot.sys
2008-06-16 19:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-16 19:12 --------- d-----w C:\ProgramData\FLEXnet
2008-06-16 19:05 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\App Launcher Gadget
2008-06-16 18:53 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-15 04:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-15 03:22 --------- d-----w C:\Program Files\Norton Internet Security
2008-06-15 03:14 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-15 03:14 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-06-15 03:14 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-15 03:14 --------- d-----w C:\Program Files\Symantec
2008-06-14 17:11 --------- d--h--r C:\Users\Elizabeth\AppData\Roaming\SecuROM
2008-06-09 21:13 --------- d-----w C:\Program Files\Apple Software Update
2008-06-03 22:27 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-06-03 22:23 --------- d-----w C:\Program Files\Macromedia
2008-06-03 12:56 --------- d-----w C:\Users\Liz\AppData\Roaming\Hewlett-Packard
2008-06-02 22:15 445,504 ----a-w C:\Windows\System32\vp6vfw.dll
2008-06-02 20:29 --------- d-----w C:\ProgramData\Electronic Arts
2008-06-02 20:29 --------- d-----w C:\Program Files\Electronic Arts
2008-06-02 17:27 --------- d-----w C:\Users\Liz\AppData\Roaming\LimeWire
2008-06-02 16:47 --------- d-----w C:\Users\Liz\AppData\Roaming\FMZilla
2008-05-31 16:44 --------- d-----w C:\Users\Elizabeth\AppData\Roaming\Apple Computer
2008-05-31 16:44 --------- d-----w C:\ProgramData\Apple Computer
2008-05-31 16:44 --------- d-----w C:\Program Files\iTunes
2008-05-31 16:44 --------- d-----w C:\Program Files\iPod
2008-05-31 16:43 --------- d-----w C:\Program Files\Bonjour
2008-05-31 16:42 --------- d-----w C:\Program Files\QuickTime
2008-05-31 16:38 --------- d-----w C:\ProgramData\Apple
2008-05-31 16:38 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-19 06:10 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 10:33 963072]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-26 19:00 171448]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 09:42 65536]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 16:39 151552]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 03:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 17:08 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-26 19:18 22696]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 08:35 176128]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-25 20:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-25 20:07 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-25 20:07 133656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 07:28 144784]
"FlyMonitor"="C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2007-11-15 17:32 669000]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-08 14:00 622592]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 14:51 65536]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 08:56 236016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"Media Codec Update Service"="C:\Program Files\Essentials Codec Pack\update.exe" [2007-04-08 12:44 303104]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 12:00 531272]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 06:57 3784704 C:\WINDOWS\RtHDVCpl.exe]

C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-11-12 14:22:04 1447184]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{17E4BC82-3A41-4E45-B1DB-393804C831BA}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{DC97AE6E-6D71-4D33-981C-711FF5BB8B03}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{ABBAC0DE-8483-4F02-98F0-93FB675EEA2B}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{432B9307-066F-4CCC-B9A6-1CF1F8FA0AF5}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{CF0C3F2E-6756-4DD6-94AA-6952FA47577F}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{8B7C6C38-24F6-4E58-8F49-DE6C98353317}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{20198E60-33BE-4DD1-8625-EE07D73606A0}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{EA8D18C0-DDFA-49D1-A143-EC44E40DB490}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{DC546300-CCC5-41B0-97E9-A4192D67F95D}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{67C85172-9899-47C5-B70D-0168B088FD0F}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{9FD9DF9B-5A0D-4774-9561-B61288488C9D}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{B9F08ABE-C01B-45F2-9153-01C82F8F4F8E}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{6AB417EC-BFFF-4874-B813-6D458408D9FA}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{59BA5B39-BE2F-40EC-9602-59A1D5184399}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{ABE216FF-DAF5-4264-974B-0B719E66D547}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{5C4BB2A7-F1F0-4FA6-A6C7-D9F6D3ECCBA9}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C48197D-1649-46B8-AAD3-427DBD4AB8F1}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B48731A5-9347-4CEE-8933-C20B77C5710F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9770B33F-490D-4EC7-9DB0-A47BCC3081EE}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{81E4E0D7-C0D9-42EB-9130-F81DD46EB77A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F81062BE-8E6C-4769-B7FC-D40504233E89}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0FD40771-20B5-4F6A-9AEF-A4944443383B}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4E8497B3-84D7-438E-8027-B65B43A4D7CD}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F9FE4832-3CFA-4D12-B37C-E25CB61238F8}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{BF796D7C-8B1D-42B0-9A2A-BEEFB919AD89}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{99CF46EF-8475-42B8-9CC4-BBADC71E5EBF}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{A29091B5-28D2-4793-9A3E-AAFF264EF6E6}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{D17DC6B4-D16E-478E-94D4-12E8422EC5C6}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1F9ABD73-BE6A-442C-9EB4-BF5CABC1C1EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{55F1F04E-C56C-46DA-8583-2A89862D94AD}"= UDP:C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe:FLYMonitor.exe
"{733383DE-F862-4E69-B31A-9DCB89C88246}"= TCP:C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe:FLYMonitor.exe
"{F2B886D0-632C-414A-8E40-3655A52CBBEE}"= UDP:C:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe:FLYWorld.exe
"{8CAA0B3F-886E-4988-B1E5-511409BF5793}"= TCP:C:\Program Files\LeapFrog\FlyWorld\bin\FLYWorld.exe:FLYWorld.exe
"TCP Query User{B574C085-7ACA-441A-B711-CB77C2787DA5}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{25ED5233-A153-45BB-A614-560848A27BC6}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{7048CD7F-1ECA-400F-B4ED-F3D896B7DE6D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{831B03DD-55C0-490A-B4B0-D1EAE87083E1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{4A4E3399-66B4-43D9-A242-948155FF4C0C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{67D55C6E-2BD4-4BC6-9623-4728AF8038AD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{07ACA4D0-7E49-4094-BE7F-E17B9F14EF9C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{B3C76497-D213-4754-B67C-4C317EA9824F}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{D6246461-5BB6-4111-A41C-F7C149BC1B0E}C:\\program files\\free music zilla\\fmzilla.exe"= UDP:C:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{D8FDD966-8464-4ED6-8038-25041EF84C3F}C:\\program files\\free music zilla\\fmzilla.exe"= TCP:C:\program files\free music zilla\fmzilla.exe:FMZilla Module
"{FB23B414-90FA-439D-B7AE-7B6B72727E3B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{53CF95E6-7241-468F-B2C1-E3ECE38DB77B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080709.001\IDSvix86.sys [2008-06-03 17:55]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 14:32]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 17:38]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 08:40]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 13:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{461ecee2-236a-11dd-8e02-001a920d03c3}]
\shell\AutoRun\command - K:\LaunchU3.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PAVBOOT
.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 22:09:59 C:\Windows\Tasks\User_Feed_Synchronization-{77CB9F68-5ECA-490C-8813-BDB495CA5F08}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-07-11 13:16:30 C:\Windows\Tasks\User_Feed_Synchronization-{89EB5536-BAD8-4D03-8F5B-2BB816ED180B}.job"
- C:\Windows\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MSServer - C:\Windows\system32\iifcYRii.dll
ShellExecuteHooks-{BC728C13-5691-4529-A1C2-E662A9AD1C87} - C:\Windows\system32\iifcYRii.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 18:04:53
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\WUDFHost.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-07-11 18:16:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-11 22:15:38

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 153,320,120,320 bytes free

291 --- E O F --- 2008-07-09 07:04:41

#4 D.rosado
  • Topic Starter
  • Members
  • 8 posts

Posted 14 July 2008 - 08:36 PM

Also, ComboFix backed up iifcYRii.dll.vir and wvUoNGXO.dll.vir out of System32.

#5 Blender
  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 15 July 2008 - 12:51 AM

Hi,

Thanks for the log/info.

I see a few P2P apps installed.
Please keep these disabled till we're done cleaning.

How is the system running in general? No popups or anything?

Was it you who disabled UAC?
Once done troubleshooting/cleaning I advise re-enabling it.
Some info about how it prevents infections:

http://technet.microsoft.com/en-us/library...echNet.10).aspx

I'd like to get an online scan done.
This scan only reports. It will not clean.
Whatever it flags -- we'll deal with it.

If you already have used Kaspersky online scanner, please uninstall it via add/remove programs because this is a new version I need you to download.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Graphics tutorial available here if needed:

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

Thanks

#6 D.rosado
  • Topic Starter
  • Members
  • 8 posts

Posted 15 July 2008 - 10:28 AM

No clue what UAC is. The only thing I've disabled was my firewall while I run all these tests, because Vista's firewall is quite annoying with incoming programs. I have not seen any pop-ups in the few days since I ran ComboFix.



Firefox crashed upon saving the Kaspersky report, but the log was clear; it only showed red for two files in qoobox.

#7 Blender
  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 16 July 2008 - 12:15 AM

Hi,

Good to hear.

UAC is part of how Windows Vista protects your system from unwanted/malicious system changes.
If you are installing a program -- you will get a prompt asking if this is what you want.
If you allow it -- program installs.
If you deny it -- program is prevented from running.

I was mistaken in thinking you shut off UAC; rather, the setting I saw was that you (or something) disabled the notifications from Security Center if UAC was to become disabled.
I think your Norton likely did this.
Just like Norton's security center is being used in place of Windows Security Center to tell you if your antivirus is out of date or off, if the firewall is off, etc.

You don't need Vista Firewall because you have the Norton one.
Don't try running both or you'll run into conflicts.

If all is well now we can remove ComboFix.

Press the Windows key + R on keyboard to bring up run box.
Type:

combofix /u

Hit OK

This removes combofix, its files & folders it dropped, removes files/folders DSS dropped and resets system restore.

See these pages for help in making your system more secure:

http://users.telenet.be/bluepatchy/miekiem...prevention.html
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
http://www.getsafeonline.org/

Anything new you install do check for special instructions that may be needed for Vista.

Let me know if there are any other issues on the machine please.

Thanks

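As an added example, not part of this thread and not ComboFix's own code, here is a small Python triage script that parses the "Reg Loading Points" section of a ComboFix log like the one posted above and flags what Blender read out of it by eye: Security Center notification and monitoring switches, firewall profiles turned off, an AutoRun command on a removable drive, and autostart entries. The embedded log is a constructed excerpt of the log in this thread; the rule names and the "review"/"info" severities are my own choices.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the "Reg Loading Points" section from the ComboFix log
# posted in this thread, trimmed to the entries the rules below look at.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-19 06:10 1232896]
"ares"="C:\Program Files\Ares\Ares.exe" [2008-02-20 10:33 963072]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{461ecee2-236a-11dd-8e02-001a920d03c3}]
\shell\AutoRun\command - K:\LaunchU3.exe
"""

# "name"=value lines as ComboFix prints them (value may be a quoted path, dword:, or "0 (0x0)")
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


@dataclass
class Finding:
    severity: str  # "review" = affects protection, "info" = context for the helper
    key: str
    name: str
    note: str


def parse_reg_section(text):
    """Yield (key, name, raw_value) triples from a ComboFix-style REGEDIT4 dump."""
    key = None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := _VALUE_RE.match(line)):
            yield key, m.group(1), m.group(2).strip()
        elif key and line.startswith("\\") and " - " in line:
            # mountpoints2 entries: "\shell\AutoRun\command - <command>"
            sub, _, cmd = line.partition(" - ")
            yield key, sub, cmd.strip()


def to_int(raw):
    """Interpret 'dword:00000001' or '0 (0x0)' forms; None for anything else."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    return int(m.group(1)) if m else None


def triage(text):
    """Apply the checks a helper does by eye when reading the registry section."""
    findings = []
    for key, name, raw in parse_reg_section(text):
        k, n = key.lower(), name.lower()
        if "security center" in k and n == "disablemonitoring" and to_int(raw) == 1:
            findings.append(Finding("info", key, name,
                "Security Center monitoring delegated to a third-party suite (e.g. Norton)"))
        elif k.endswith("security center") and n.endswith("disablenotify") and to_int(raw) == 1:
            findings.append(Finding("review", key, name,
                "Security Center will not warn if this protection is turned off"))
        elif "firewallpolicy" in k and n == "enablefirewall" and to_int(raw) == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append(Finding("review", key, name, f"Windows Firewall off for {profile}"))
        elif "mountpoints2" in k and n.endswith("autorun\\command"):
            findings.append(Finding("review", key, name, f"AutoRun command on removable drive: {raw}"))
        elif k.endswith("\\run"):
            findings.append(Finding("info", key, name, f"autostart entry: {raw}"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'review': 6, 'info': 3} for SAMPLE_LOG."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.name} under {f.key}: {f.note}")
    print(summarize(triage(SAMPLE_LOG)))
```

Running it on a full ComboFix log just means pasting the whole "Reg Loading Points" section into SAMPLE_LOG; keys the rules do not know are simply passed over.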
#8 D.rosado
  • Topic Starter
  • Members
  • 8 posts

Posted 16 July 2008 - 07:13 AM

Thank you for all your help.

#9 Blender
  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 16 July 2008 - 07:16 PM

You're welcome.
Glad we could help.

Since issue appears to be resolved this topic is now closed.
If you need it re-opened please PM myself or a member of the moderating team with a link to your topic.
All others please begin new topic.

Thanks

Keep well & surf safe!

Blender