
HP Pavilion With Vista 32 Stopped Booting In Normal Mode. I Did Not Find Viruses, Trojans, Etc.


This topic is locked
3 replies to this topic

#1 paulAster


Posted 21 September 2008 - 06:57 PM

Hi,

I have a problem booting Windows Vista in normal mode.

Everything was fine until today at lunch time. I left and the notebook was running fine. When I returned, the machine was frozen. So I did a hard reboot.

The notebook started to boot Vista 32, but it stopped at the black boot screen with the little green bar running. It stays stuck there forever and is unable to continue the boot process. I am unable to reset the machine using CTRL+ALT+DEL.

I can only do a hard reset. So I did it.

I tried to do a system restore, but there was only 1 (one) checkpoint in the system restore registry. It was from yesterday. I used this checkpoint, but the restore did not solve the problem. I wonder where the other system checkpoints have gone...

Well, I ran all the antivirus, Spybot, etc. that you recommended on the site, using safe mode with network support. And I could not find anything at all.

Now I am posting the HijackThis log (I did it in safe mode; I am unable to boot the machine in normal mode).

I hope someone can help me. :D

PS: Oh! I deleted some hosts entries. They belong to an intranet and I am not authorized to publish them. They were deleted from the HijackThis log report. The other parts are complete.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:53 PM, on 9/21/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskmgr.exe
D:\soft\quilombo\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL5 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Subversion Server (svn) - http://subversion.tigris.org/ - C:\Program Files\Subversion\bin\svnserve.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 13786 bytes



#2 paulAster


Posted 21 September 2008 - 09:17 PM

I copied and pasted the ComboFix output. I ran it in safe mode with network support.


ComboFix 08-09-20.05 - pabloa 2008-09-21 22:31:22.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2574 [GMT -3:00]
Running from: D:\soft\quilombo\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\pabloa\AppData\Roaming\Microsoft\Windows\Cookies\pabloa@2o7[2].txt
C:\Windows\system32\KBL.LOG
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.

2008-09-21 19:51 . 2008-09-21 20:28 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-09-21 19:51 . 2008-09-21 19:57 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-21 19:51 . 2008-09-21 20:28 <DIR> d-------- C:\PROGRA~2\Spybot - Search & Destroy
2008-09-21 19:39 . 2008-09-21 19:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-21 18:07 . 2008-09-21 18:07 <DIR> d-------- C:\Users\pabloa\AppData\Roaming\Malwarebytes
2008-09-21 18:07 . 2008-09-21 18:07 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-21 18:07 . 2008-09-21 18:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 18:07 . 2008-09-21 18:07 <DIR> d-------- C:\PROGRA~2\Malwarebytes
2008-09-21 18:07 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2008-09-21 18:07 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\System32\drivers\mbam.sys
2008-09-21 17:22 . 2008-09-21 17:22 <DIR> d-------- C:\fsaua.data
2008-09-18 17:15 . 2008-09-18 17:16 <DIR> d-------- C:\Users\pabloa\terracotta
2008-09-17 22:56 . 2008-09-20 01:10 <DIR> d-------- C:\Users\pabloa\AppData\Roaming\SPORE
2008-09-17 22:56 . 2008-09-17 22:56 <DIR> dr-h----- C:\Users\pabloa\AppData\Roaming\SecuROM
2008-09-16 12:03 . 2008-09-17 22:40 6,746 --a------ C:\WINDOWS\System32\ealregsnapshot1.reg
2008-09-16 03:06 . 2008-07-19 02:09 1,811,656 --a------ C:\WINDOWS\System32\wuaueng.dll
2008-09-16 03:06 . 2008-07-19 00:44 1,524,736 --a------ C:\WINDOWS\System32\wucltux.dll
2008-09-16 03:06 . 2008-07-19 02:09 563,912 --a------ C:\WINDOWS\System32\wuapi.dll
2008-09-16 03:06 . 2008-07-19 00:44 83,456 --a------ C:\WINDOWS\System32\wudriver.dll
2008-09-16 03:06 . 2008-07-19 02:10 53,448 --a------ C:\WINDOWS\System32\wuauclt.exe
2008-09-16 03:06 . 2008-07-19 02:10 45,768 --a------ C:\WINDOWS\System32\wups2.dll
2008-09-16 03:06 . 2008-07-19 02:10 36,552 --a------ C:\WINDOWS\System32\wups.dll
2008-09-16 03:05 . 2008-07-18 22:08 163,904 --a------ C:\WINDOWS\System32\wuwebv.dll
2008-09-16 03:05 . 2008-07-18 20:44 31,232 --a------ C:\WINDOWS\System32\wuapp.exe
2008-09-14 10:07 . 2008-09-14 10:07 <DIR> d-------- C:\Users\pabloa\AppData\Roaming\DivX
2008-09-14 09:52 . 2008-09-14 09:53 <DIR> d-------- C:\Program Files\DivX
2008-09-14 09:52 . 2008-09-14 09:52 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-09-14 09:48 . 2008-09-14 09:48 <DIR> d-------- C:\Program Files\XMPEG
2008-09-12 10:08 . 2008-09-12 10:08 <DIR> d-------- C:\Program Files\Real
2008-09-12 10:08 . 2008-09-12 10:08 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-12 10:08 . 2008-09-12 10:08 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-11 11:34 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\System32\GEARAspi.dll
2008-09-11 11:34 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
2008-09-11 11:33 . 2008-09-11 11:34 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-11 11:33 . 2008-09-11 11:34 <DIR> d-------- C:\Program Files\iTunes
2008-09-11 11:33 . 2008-09-11 11:33 <DIR> d-------- C:\Program Files\iPod
2008-09-11 11:33 . 2008-09-11 11:34 <DIR> d-------- C:\PROGRA~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-11 11:28 . 2008-09-11 11:28 <DIR> d-------- C:\Program Files\Bonjour
2008-09-10 10:26 . 2008-07-30 22:13 4,240,384 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-09-10 10:26 . 2008-07-31 00:32 28,160 --a------ C:\WINDOWS\System32\Apphlpdm.dll
2008-09-10 09:35 . 2008-06-26 00:29 303,616 --a------ C:\WINDOWS\System32\wmpeffects.dll
2008-09-10 09:34 . 2008-08-01 22:01 625,152 --a------ C:\WINDOWS\System32\drivers\dxgkrnl.sys
2008-09-10 09:34 . 2008-06-26 00:29 565,248 --a------ C:\WINDOWS\System32\emdmgmt.dll
2008-09-10 09:34 . 2008-05-08 16:21 211,968 --a------ C:\WINDOWS\System32\drivers\mrxsmb10.sys
2008-09-10 09:34 . 2008-05-19 23:07 148,480 --a------ C:\WINDOWS\System32\drivers\nwifi.sys
2008-09-10 09:34 . 2008-06-26 00:29 45,056 --a------ C:\WINDOWS\System32\dataclen.dll
2008-09-10 09:34 . 2008-08-02 00:26 36,864 --a------ C:\WINDOWS\System32\cdd.dll
2008-09-09 18:07 . 2008-09-09 18:07 <DIR> d-------- C:\Users\pabloa\AppData\Roaming\postgresql
2008-09-09 17:50 . 2006-11-02 07:23 <DIR> dr------- C:\Users\postgres\Videos
2008-09-09 17:50 . 2006-11-02 07:23 <DIR> d-------- C:\Users\postgres\Saved Games
2008-09-09 17:50 . 2006-11-02 07:23 <DIR> dr------- C:\Users\postgres\Pictures
2008-09-09 17:50 . 2006-11-02 07:23 <DIR> dr------- C:\Users\postgres\Music
2008-09-09 17:50 . 2006-11-02 07:23 <DIR> dr------- C:\Users\postgres\Links
2008-09-09 17:50 . 2006-11-02 07:23 <DIR> dr------- C:\Users\postgres\Downloads
2008-09-09 17:50 . 2008-09-09 17:50 <DIR> dr------- C:\Users\postgres\Documents
2008-09-09 17:50 . 2006-11-02 08:18 <DIR> d--h----- C:\Users\postgres\AppData
2008-09-09 17:50 . 2008-09-21 21:01 <DIR> d-------- C:\Users\postgres
2008-09-09 17:49 . 2008-09-09 17:49 <DIR> d-------- C:\Program Files\PostgreSQL
2008-09-07 18:52 . 2008-09-07 18:52 <DIR> d-------- C:\Users\pabloa\.personalDomain
2008-09-07 18:52 . 2008-09-07 18:52 <DIR> d-------- C:\Users\pabloa\.netbeans-derby
2008-09-07 18:40 . 2008-09-07 18:40 <DIR> d-------- C:\Program Files\glassfish-v3-prelude-b15b
2008-09-07 18:40 . 2008-09-07 18:40 <DIR> d-------- C:\Program Files\Apache Software Foundation
2008-09-07 18:39 . 2008-09-07 18:48 <DIR> d-------- C:\Program Files\glassfish-v2ur2
2008-09-07 18:37 . 2008-09-07 18:38 <DIR> d-------- C:\Program Files\NetBeans 6.5 Beta
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\System32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\System32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\System32\dnssd.dll
2008-08-28 23:25 . 2008-08-28 23:25 <DIR> d-------- C:\Program Files\MSECache
2008-08-23 20:17 . 2008-08-23 20:17 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Videos
2008-08-23 20:17 . 2008-08-23 20:17 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Searches
2008-08-23 20:17 . 2008-08-23 20:17 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Saved Games
2008-08-23 20:17 . 2008-08-23 20:17 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Pictures
2008-08-23 20:17 . 2008-08-23 20:17 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Music
2008-08-23 20:17 . 2008-08-23 20:17 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Links
2008-08-23 20:17 . 2008-08-23 20:17 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Downloads
2008-08-23 20:17 . 2008-08-23 20:17 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Documents

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 02:25 27,430 ----a-w C:\Users\pabloa\AppData\Roaming\nvModes.dat
2008-09-18 01:29 --------- d-----w C:\Program Files\Electronic Arts
2008-09-18 01:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 21:28 --------- d-----w C:\Users\pabloa\AppData\Roaming\OpenOffice.org2
2008-09-14 12:52 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-09-11 14:28 --------- d-----w C:\Program Files\QuickTime
2008-09-11 14:27 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-10 15:08 --------- d-----w C:\Users\pabloa\AppData\Roaming\Skype
2008-09-10 14:48 --------- d-----w C:\Users\pabloa\AppData\Roaming\skypePM
2008-09-10 14:12 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-08-29 15:26 97,928 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-08-23 23:19 --------- d-----w C:\Program Files\Microsoft Games
2008-08-23 18:51 --------- d-----w C:\Program Files\Java
2008-08-22 02:09 --------- d-----w C:\Program Files\TechSmith
2008-08-20 13:36 --------- d--h--w C:\Program Files\InstallJammer Registry
2008-08-20 12:42 --------- d-----w C:\PROGRA~2\webex
2008-08-19 12:12 --------- d-----w C:\Users\pabloa\AppData\Roaming\Yahoo!
2008-08-14 03:30 --------- d-----w C:\Program Files\MozyHome
2008-08-13 03:04 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 02:31 --------- d-----w C:\Users\pabloa\AppData\Roaming\GHISLER
2008-08-13 02:31 --------- d-----w C:\Program Files\totalcmd
2008-08-09 13:47 --------- d-----w C:\Users\pabloa\AppData\Roaming\eMule
2008-08-09 13:02 --------- d-----w C:\Program Files\Nmap
2008-08-09 12:59 --------- d-----w C:\Program Files\WinPcap
2008-08-05 22:02 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-08-05 13:47 --------- d-----w C:\Program Files\Apple Software Update
2008-08-04 05:12 --------- d-----w C:\Program Files\Sun
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-30 00:24 54,896 ----a-w C:\Windows\system32\drivers\VBoxDrv.sys
2008-07-30 00:24 47,152 ----a-w C:\Windows\system32\drivers\VBoxTAP.sys
2008-07-30 00:24 41,616 ----a-w C:\Windows\system32\drivers\VBoxUSBMon.sys
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 13:40 10,520 ----a-w C:\Windows\System32\avgrsstx.dll
2008-06-27 05:38 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 05:07 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-27 05:07 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-05-21 14:08 56,912 ----a-w C:\Users\pabloa\g2mdlhlpx.exe
2008-05-12 19:50 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-05-12 19:50 56 ---ha-w C:\PROGRA~2\ezsidmv.dat
2008-05-08 11:17 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4A9D-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2008-07-14 12:26 2405680 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2008-07-14 12:26 2405680 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 4269296]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\WINDOWS\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 C:\WINDOWS\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe [2008-08-14 2311472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=C:\Windows\pss\Vongo Tray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^pabloa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\pabloa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9342E098-7706-4FE8-8F9A-624ACA27EBA5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CFE80780-DDFE-41F3-A865-0D1C94E75A2D}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{76A92721-0FA9-44E3-80C2-9355D826DD64}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A5AB5996-DD94-4343-9402-FB6DC60E2890}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7B5DC0CA-379F-4AC0-BE66-FBD3A2AAA964}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{631E9C83-0E1C-43E5-BA73-3ECBFB0ADE74}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F81DA635-8174-44A4-8640-7AF6203309AC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{406F7022-D534-4162-8DFD-FAF687149B87}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3CFC5995-8AB2-44AE-80A4-ADB206643548}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{68DB92CE-70D0-492C-9DA9-4A77EA8BA5D8}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1599BF5E-D67A-4104-8A1E-2793F2E98A80}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DDB0CF50-D893-411C-9BE5-9642946676C3}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{B3F1F9B5-F7C7-4D79-8BD4-574F251079F2}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{3D2E3DF4-3E51-46B4-A721-CCB3CD740C69}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5F4B3745-4BC5-4438-9C76-4DA3B75C46AD}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{8AC54187-EDAE-4F7C-A061-9F9D1BD4E7B3}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{3D4BED81-11A6-491A-A859-321468349AC6}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{6371CB59-A9F8-4072-AB38-E21B16C17CB2}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{0F17C771-B8ED-42A0-A253-A40CF47DDD24}C:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{F41D8E60-CF82-4605-9203-60502E133642}C:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:C:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{8EC6115C-5DCA-4ECD-96BD-D963796D569D}C:\\program files\\counterpath\\x-lite\\x-lite.exe"= UDP:C:\program files\counterpath\x-lite\x-lite.exe:X-Lite
"UDP Query User{271FAD61-985A-4639-BE86-EE40B39190B7}C:\\program files\\counterpath\\x-lite\\x-lite.exe"= TCP:C:\program files\counterpath\x-lite\x-lite.exe:X-Lite
"TCP Query User{4CBAD361-BEB2-4317-A2B8-95447E1F84C1}C:\\windows\\system32\\migwiz\\migwiz.exe"= UDP:C:\windows\system32\migwiz\migwiz.exe:Windows Easy Transfer
"UDP Query User{3B603B83-85E6-4BD2-99FB-9A8372D31208}C:\\windows\\system32\\migwiz\\migwiz.exe"= TCP:C:\windows\system32\migwiz\migwiz.exe:Windows Easy Transfer
"TCP Query User{5DAE5719-38D2-457A-B4A7-B411B004ED4F}C:\\program files\\java\\jdk1.5.0_15\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.5.0_15\jre\bin\java.exe:Java™ 2 Platform Standard Edition binary
"UDP Query User{8E4C5636-B94F-4FDC-854C-E37662C4DC70}C:\\program files\\java\\jdk1.5.0_15\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.5.0_15\jre\bin\java.exe:Java™ 2 Platform Standard Edition binary
"TCP Query User{9A59EDD3-F0EB-4FF1-8A9C-E13E0FEDFFE2}C:\\dev\\eclipse\\eclipse.exe"= UDP:C:\dev\eclipse\eclipse.exe:eclipse
"UDP Query User{5269CECD-EFF4-4D7A-BD54-113AA5E34C00}C:\\dev\\eclipse\\eclipse.exe"= TCP:C:\dev\eclipse\eclipse.exe:eclipse
"TCP Query User{952A63E8-C254-4BD0-AA31-3DBDAE2EA72B}C:\\users\\pabloa\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\pabloa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{3A04C560-59F4-4C2B-BDD1-AF9D7BF88765}C:\\users\\pabloa\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\pabloa\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"{8615EE6A-CA6D-46FE-A39B-892CA0655CFC}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AE4C5A2C-2C57-48D0-B5A4-BE1177524F70}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{BA4C771D-9175-4DC6-B444-A65EEA445AF6}C:\\program files\\java\\jdk1.5.0_15\\bin\\javaw.exe"= UDP:C:\program files\java\jdk1.5.0_15\bin\javaw.exe:Java™ 2 Platform Standard Edition binary
"UDP Query User{19160B96-76D1-4F4F-9205-785A083B6615}C:\\program files\\java\\jdk1.5.0_15\\bin\\javaw.exe"= TCP:C:\program files\java\jdk1.5.0_15\bin\javaw.exe:Java™ 2 Platform Standard Edition binary
"{C5D10DB4-136D-45C5-B9E9-48BD82054F9C}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5B0F5D85-FC2F-4CA6-AB3F-ECB73D5D988C}C:\\program files\\java\\jdk1.5.0_15\\bin\\java.exe"= UDP:C:\program files\java\jdk1.5.0_15\bin\java.exe:Java™ 2 Platform Standard Edition binary
"UDP Query User{FEA643C9-F3F0-42D7-A170-3E614EC872CC}C:\\program files\\java\\jdk1.5.0_15\\bin\\java.exe"= TCP:C:\program files\java\jdk1.5.0_15\bin\java.exe:Java™ 2 Platform Standard Edition binary
"TCP Query User{DAFBEC52-EE07-4097-9634-55953AD6902C}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java™ Platform SE binary
"UDP Query User{B4FFAF6B-70CE-44FC-AFC6-5C8697F04377}C:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java™ Platform SE binary
"TCP Query User{42129AA0-C87F-49CA-8CEB-4D3437B0737B}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{18AB103C-46EB-4A70-A17C-B5F5E87E2AEA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{38557499-050A-4F27-920D-6DF36C7596A5}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{B6C03D38-CD4F-437D-9C1C-0C22FFAD9291}C:\\program files\\java\\jre1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_06\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{8444657D-395D-4FB1-99E8-E8B78F336154}D:\\javaprogs\\eclipse\\eclipse.exe"= UDP:D:\javaprogs\eclipse\eclipse.exe:eclipse
"UDP Query User{42D36AEA-5907-4526-934E-17E20A187C68}D:\\javaprogs\\eclipse\\eclipse.exe"= TCP:D:\javaprogs\eclipse\eclipse.exe:eclipse
"TCP Query User{F5CD51A7-1D53-4A41-A8F0-B22F8913E606}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{ECE6A324-B77C-4E57-B27F-917E74FDD9FB}C:\\program files\\java\\jdk1.6.0_06\\bin\\javaw.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{E3D7845C-189F-477D-8D7D-5C50E539BADF}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= UDP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java™ Platform SE binary
"UDP Query User{027E5271-320E-4D1E-B251-BD62CD1CDA9A}C:\\program files\\java\\jdk1.6.0_06\\bin\\java.exe"= TCP:C:\program files\java\jdk1.6.0_06\bin\java.exe:Java™ Platform SE binary
"{66CA6D6F-A5B3-439B-95AE-7707A22ABCED}"= UDP:C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe:Rise Of Legends
"{D9BF76B1-56AA-485C-8FD1-950C4EBDF4A2}"= TCP:C:\Program Files\Microsoft Games\Rise Of Legends\legends.exe:Rise Of Legends
"TCP Query User{15C378B7-CEEB-48D3-BC84-30BC2F0A98B4}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{A0674561-A0E9-4839-8287-427495D952F4}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"{64E48F49-62F2-4B92-BBB2-5CE58C3DEDC3}"= UDP:443:mozyport
"{15F8321E-99BB-4EA7-B490-4926672472DB}"= UDP:C:\Program Files\MozyHome\mozybackup.exe:mozybackup.exe
"{9F86D8D2-36D8-47D4-B647-9C4316B6C211}"= TCP:C:\Program Files\MozyHome\mozybackup.exe:mozybackup.exe
"{B70C5E0D-3BD9-408A-9BCC-CFCDBE865FA1}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7BCA22D3-7A89-4760-A4F8-5236E1DC5343}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C46D96F6-EFEF-42C9-A8EB-EF83A0C0234E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3CB1A90D-1639-4012-84E0-08A0B51788E1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{D9077F2A-228D-4151-A75F-C5F56C99DB3B}C:\\program files\\collabnet subversion server\\svnserve.exe"= UDP:C:\program files\collabnet subversion server\svnserve.exe:Subversion Server
"UDP Query User{627390E3-B6EC-4E29-82C6-452957661DDD}C:\\program files\\collabnet subversion server\\svnserve.exe"= TCP:C:\program files\collabnet subversion server\svnserve.exe:Subversion Server
"TCP Query User{E00D8B06-E6E7-4D2D-8765-9B5C0BE0F724}C:\\program files\\subversion\\bin\\svnserve.exe"= UDP:C:\program files\subversion\bin\svnserve.exe:Subversion Server
"UDP Query User{DD2CDDB1-9F0D-47A8-A831-787FC557788C}C:\\program files\\subversion\\bin\\svnserve.exe"= TCP:C:\program files\subversion\bin\svnserve.exe:Subversion Server
"TCP Query User{C3D15FE4-F1CF-4E27-B78D-0E16F07635B1}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{C8449C04-96B4-45DC-9369-E82EE4E3C9B8}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 dsNcAdpt;Juniper Network Connect Adapter;C:\Windows\system32\DRIVERS\dsNcAdpt.sys [2008-02-08 23552]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 VBoxTAP;VirtualBox TAP Adapter;C:\Windows\system32\DRIVERS\VBoxTAP.sys [2008-07-29 47152]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
S1 mozyFilter;mozyFilter;C:\Windows\system32\DRIVERS\mozy.sys [2008-07-14 53752]
S1 VBoxDrv;VirtualBox Service;C:\Windows\system32\DRIVERS\VBoxDrv.sys [2008-07-29 54896]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2008-07-29 41616]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\000.fcl [2007-10-01 00:34 39408]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe runservice -w -N pgsql-8.3 -D C:\Program Files\PostgreSQL\8.3\data\ [ ]
S2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-10-01 271760]
S2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-10-01 112016]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
S2 svn;Subversion Server;C:\Program Files\Subversion\bin\svnserve.exe [2007-12-20 561238]
S3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-07-10 69128]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-23 181800]
S3 MySQL5;MySQL5;C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL5 [ ]
S3 npf;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2008-06-01 34064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f67a936-2d1a-11dd-8b04-001b24e3d745}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3348bf27-3057-11dd-b8a7-001b24e3d745}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3348bf28-3057-11dd-b8a7-001b24e3d745}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c938652-1c67-11dd-96b9-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
\shell\directx\command - F:\DirectX9\dxsetup.exe
\shell\setup\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72fe648c-421f-11dd-b7af-001b24e3d745}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1ed3dbe-4132-11dd-95d4-001b24e3d745}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a744dd7f-2f3c-11dd-aa78-001b24e3d745}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd879dd-2e86-11dd-b142-806e6f6e6963}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd87ab4-2e86-11dd-b142-001b24e3d745}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9f9b816-3355-11dd-9c74-001b24e3d745}]
\shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f184057d-34b0-11dd-83e5-001b24e3d745}]
\shell\AutoRun\command - G:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\pabloa\AppData\Roaming\Mozilla\Firefox\Profiles\41qn43dc.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 22:38:03
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\MozyHome\mozyshell.dll
.
Completion time: 2008-09-21 22:46:08
ComboFix-quarantined-files.txt 2008-09-22 01:46:06

Pre-Run: 10,329,767,936 bytes free
Post-Run: 10,410,225,664 bytes free

380 --- E O F --- 2008-09-10 14:14:49

#3 paulAster

paulAster (Topic Starter)

  • Members
  • 3 posts
  • Local time:05:03 PM

Posted 23 September 2008 - 08:10 AM

I reformatted the notebook. Please close the case. Thanks.

#4 Shaba

Shaba (Koutsi)

  • Members
  • 7,872 posts
  • Gender:Male
  • Location:Finland
  • Local time:10:03 PM

Posted 03 October 2008 - 04:11 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Microsoft MVP Consumer Security