Google Wrong Redirect? Weird


This topic is locked. 6 replies to this topic.

#1 Mike Krell

Posted 09 February 2009 - 01:38 PM

Is it just me, or is everyone getting this virus all of a sudden? But fear not, I have nothing like it... well, okay, I DID, but I read through countless posts by the dude with Barney Stinson/Neil Patrick for his avatar, and he helped me out MAJORLY with his posts on CF, RIFS (or whatever it is... random/random), SmitFraudFix, etc.

Either way, as a lot of people report, I too am one who has been rid of this "Virtumonde" virus. It took 15 straight hours, until in the last 6 hours I came to these boards and found my solution. Thankfully.

But I have another problem: Google STILL redirects wrong, going through v1.adwarefeed.com. No matter what.

Here's the catch: I turn off JavaScript and it never does it again... but I NEED JavaScript! >_< Help! Either way, I have the log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:55 AM, on 2/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Michael\My Documents\Downloads\Lavasoft Ad-Aware 2008 Pro 7.1.0.8 Final\aaw2008.exe
C:\WINDOWS\system32\MSIEXEC.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Linksys Wireless Network Monitor.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra 'Tools' menuitem: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234160227562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234160221265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICSer_WUSBF54G - Unknown owner - C:\Program Files\Linksys\WUSBF54G\NICServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11782 bytes


Note: I have no vulnerable versions of Java... just the latest one :thumbup2:

Also to note: I never visit "bad" sites other than CNN, etc. So I'm... pardon my French... very bleeping surprised I got this. :)

Edited by Mike Krell, 09 February 2009 - 01:48 PM.
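A triage pass over the HijackThis entries in the post above, as an added example written for this write-up: it is not a BleepingComputer or Trend Micro tool and not something the poster ran. Since the redirect stops when JavaScript is turned off, the thing to hunt for is a component that injects script into pages the browser loads (a browser add-on, an autostart that proxies traffic) rather than a hosts-file or DNS hijack, which would redirect with JavaScript off too. So the script parses the O2/O3 (add-ons), O4 (autostarts), O15 (Trusted Zone), O16 (ActiveX downloads) and O23 (services) lines and applies a few heuristic rules: a service with no publisher string, a Trusted Zone entry, an ActiveX download from a host outside a small allowlist, an autostart in a user-writable directory, and a Run entry that names a bare executable resolved through the search path (the `sttray.exe` entry in this log). The sample input is copied from the log above plus one constructed HKCU Run line, marked as such, so the user-writable rule has something to hit; the rules and the host allowlist are this example's assumptions, and a flag means "look at this", not "delete this".

```python
"""Heuristic triage of HijackThis v2 log lines (added example, not a HijackThis feature)."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log in the post, plus one
# made-up HKCU Run entry (named "constructed") so the user-writable rule fires.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [constructed] "C:\Documents and Settings\Michael\Local Settings\Temp\constructed.exe" -s
O4 - Global Startup: Linksys Wireless Network Monitor.lnk = ?
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# First token of a Run command: a quoted path, or an unquoted path up to the
# executable extension (unquoted paths containing spaces are common here).
CMD_PATH_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|lnk))(?=\s|$)', re.I)
# Assumed: directories a limited user can write to on Windows XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\",
                 "\\application data\\", "\\local settings\\")
# Assumed allowlist of hosts from which ActiveX (O16 DPF) downloads are expected.
DPF_EXPECTED_HOSTS = ("microsoft.com", "macromedia.com", "adobe.com", "sun.com", "java.com")


@dataclass
class Entry:
    kind: str                 # HijackThis section, e.g. "O23"
    raw: str
    name: str = ""
    path: str = ""            # file path or URL, when one could be extracted
    owner: str = ""           # O23 publisher string
    flags: list = field(default_factory=list)


def _path_from_command(cmd: str) -> str:
    m = CMD_PATH_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else ""


def parse_line(line: str):
    """Return an Entry for an O-section line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    e = Entry(kind=kind, raw=line.strip())
    rest = body.partition(": ")[2]
    if kind in ("O2", "O3"):                       # "BHO: Name - {CLSID} - Path"
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            e.name, e.path = parts[0], parts[2]
    elif kind == "O4" and body.startswith("Global Startup: "):
        e.name, _, e.path = rest.partition(" = ")  # "Name.lnk = target"
    elif kind == "O4":                             # "HKLM\..\Run: [Name] command"
        m4 = re.match(r"[^:]*: \[([^\]]*)\] (.*)", body)
        if m4:
            e.name, e.path = m4.group(1), _path_from_command(m4.group(2))
    elif kind == "O15":                            # "Trusted Zone: pattern"
        e.name = rest
    elif kind == "O16":                            # "DPF: {CLSID} (Name) - URL"
        m16 = re.match(r"DPF: \{[^}]+\} \((.*)\) - (.*)", body)
        if m16:
            e.name, e.path = m16.groups()
    elif kind == "O23":                            # "Service: Name - Owner - Path"
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            e.name, e.owner, e.path = parts
    return e


def triage(entry: Entry) -> Entry:
    """Attach heuristic flags in place; an empty list means 'nothing obvious'."""
    low = entry.path.lower()
    if entry.kind == "O23" and entry.owner.lower() == "unknown owner":
        entry.flags.append("service has no publisher string")
    if entry.kind == "O15":
        entry.flags.append("site pattern added to IE Trusted Zone (relaxed security)")
    if entry.kind == "O16":
        host = urlparse(entry.path).hostname or ""
        if not any(host == h or host.endswith("." + h) for h in DPF_EXPECTED_HOSTS):
            entry.flags.append(f"ActiveX download from unexpected host {host!r}")
    if entry.kind in ("O2", "O3", "O4", "O23") and entry.path not in ("", "?"):
        if any(marker in low for marker in USER_WRITABLE):
            entry.flags.append("autostart/add-on lives in a user-writable directory")
        elif entry.kind == "O4" and "\\" not in entry.path:
            entry.flags.append("bare filename: resolved via search path, hijackable")
    return entry


def triage_log(text: str) -> dict:
    """Parse every O-line in a log; return {raw_line: [flags]} for flagged entries only."""
    findings = {}
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None and triage(e).flags:
            findings[e.raw] = e.flags
    return findings


if __name__ == "__main__":
    for raw, flags in triage_log(SAMPLE_LOG).items():
        print(raw)
        for f in flags:
            print("    ->", f)
```

Run as-is it prints the flagged sample lines; for a full log, pass the file's contents to `triage_log`. Legitimate software trips these rules too: the PunkBuster services PnkBstrA/PnkBstrB in this log carry "Unknown owner" because they ship without a publisher string, which is exactly why the output is a list of entries to inspect, not a verdict.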


#2 Mike Krell (Topic Starter)

Posted 09 February 2009 - 01:43 PM

RSIT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Michael at 2009-02-09 10:42:19
Microsoft Windows XP Professional Service Pack 2
Total RAM: 8067 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:22 AM, on 2/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\program files\steam\steam.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Linksys\WUSBF54G\NICServ.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Razer\Habu\razertra.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Documents and Settings\Michael\Desktop\Combo\RSIT.exe
C:\Program Files\trend micro\HijackThis\Michael.exe
C:\WINDOWS\system32\HPBPRO.EXE

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Linksys Wireless Network Monitor.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra 'Tools' menuitem: Newz Crawler - {CA7C41C8-5C9D-4A03-A101-B0AA4F0C3ABC} - C:\Program Files\NewzCrawler\News.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.att.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234160227562
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234160221265
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICSer_WUSBF54G - Unknown owner - C:\Program Files\Linksys\WUSBF54G\NICServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 11619 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-03-29 624248]
"LifeCam"=c:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-23 663552]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]
"StatusClient 2.6"=C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [2004-02-11 61440]
"TomcatStartup 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2004-02-12 163840]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-01-07 49152]
"Habu"=C:\Program Files\Razer\Habu\razerhid.exe [2007-05-11 176128]
"Motive SmartBridge"=C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [2005-08-24 442455]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2007-11-14 405504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\PROGRA~1\MESSEN~1\Msmsgs.exe [2008-06-02 1660952]
"Steam"=c:\program files\steam\steam.exe [2008-11-07 1410296]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-12 306088]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-06-02 1660952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\sttray.exe [2007-11-14 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Linksys EasyLink Advisor Setup.vbs]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Linksys EasyLink Advisor Setup.vbs []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe
Linksys Wireless Network Monitor.lnk - C:\Program Files\Linksys\WUSBF54G\wlMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Ubisoft\Prince of Persia\Prince of Persia.exe"="C:\Program Files\Ubisoft\Prince of Persia\Prince of Persia.exe:*:Enabled:Prince of Persia Dx"
"C:\Program Files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe"="C:\Program Files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:*:Enabled:Prince of Persia Update"
"C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\WBGames\Monolith Productions\F.E.A.R. 2 SP Demo\FEAR2SPDemo.exe"="C:\Program Files\WBGames\Monolith Productions\F.E.A.R. 2 SP Demo\FEAR2SPDemo.exe:*:Enabled:FEAR2SPDemo.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.txt - open -

======List of files/folders created in the last 3 months======

2009-02-09 10:07:16 ----D---- C:\Program Files\Lavasoft
2009-02-09 10:00:15 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-09 10:00:15 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-09 10:00:15 ----A---- C:\WINDOWS\system32\java.exe
2009-02-09 10:00:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-09 08:58:20 ----D---- C:\!KillBox
2009-02-09 08:54:38 ----SHD---- C:\RECYCLER
2009-02-09 08:54:24 ----A---- C:\rapport.txt
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\swsc.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\swreg.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\Process.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-02-09 08:54:18 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-02-09 08:47:28 ----D---- C:\WINDOWS\temp
2009-02-09 08:47:26 ----A---- C:\ComboFix.txt
2009-02-09 08:32:23 ----A---- C:\WINDOWS\zip.exe
2009-02-09 08:32:23 ----A---- C:\WINDOWS\VFIND.exe
2009-02-09 08:32:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-09 08:32:23 ----A---- C:\WINDOWS\SWSC.exe
2009-02-09 08:32:23 ----A---- C:\WINDOWS\SWREG.exe
2009-02-09 08:32:23 ----A---- C:\WINDOWS\sed.exe
2009-02-09 08:32:23 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-09 08:32:23 ----A---- C:\WINDOWS\grep.exe
2009-02-09 08:32:23 ----A---- C:\WINDOWS\fdsv.exe
2009-02-09 08:32:19 ----D---- C:\ComboFix
2009-02-09 08:27:23 ----D---- C:\rsit
2009-02-09 07:24:24 ----D---- C:\Program Files\trend micro
2009-02-09 07:23:49 ----D---- C:\Documents and Settings\Michael\Application Data\Malwarebytes
2009-02-09 07:23:40 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-09 07:23:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-09 06:33:09 ----D---- C:\WINDOWS\ERDNT
2009-02-09 03:12:17 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-02-09 01:22:19 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-09 01:14:35 ----A---- C:\WINDOWS\system32\tmp.txt
2009-02-08 23:57:30 ----A---- C:\WINDOWS\system32\f399f6a0-.txt
2009-02-08 22:36:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-08 22:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-08 22:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-08 22:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-08 22:35:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-08 22:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-08 22:35:09 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-08 22:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-08 22:34:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-08 22:34:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-08 22:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-08 22:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-08 22:33:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-08 22:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-08 22:33:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-08 22:33:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-08 22:32:50 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-02-08 22:31:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-08 22:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-08 22:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-08 22:30:26 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-08 22:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-02-08 22:29:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-02-08 22:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2009-02-08 22:19:41 ----A---- C:\WINDOWS\system32\spmsg.dll
2009-02-08 22:17:14 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-02-08 04:14:05 ----D---- C:\Documents and Settings\All Users\Application Data\Fallout3
2009-02-03 03:30:27 ----D---- C:\Program Files\CAPCOM
2009-02-01 06:06:48 ----D---- C:\WINDOWS\system32\xlive
2009-01-30 23:31:51 ----D---- C:\Program Files\WBGames
2009-01-29 19:17:47 ----D---- C:\Documents and Settings\Michael\Application Data\TeamViewer
2009-01-27 19:43:16 ----D---- C:\1264fb5313bb11f50cf1e9
2009-01-25 21:38:58 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2009-01-25 18:26:51 ----A---- C:\WINDOWS\system32\DUALSHOCK3FF.dll
2009-01-25 04:26:13 ----D---- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Pro
2009-01-25 04:26:07 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-01-25 04:26:04 ----D---- C:\Program Files\DAEMON Tools Lite
2009-01-25 04:21:56 ----D---- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Lite
2009-01-06 23:19:16 ----D---- C:\Documents and Settings\Michael\Application Data\AVS4YOU
2009-01-06 23:19:13 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-01-06 23:18:48 ----D---- C:\Program Files\Common Files\AVSMedia
2009-01-06 23:18:48 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-01-06 23:18:48 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-01-06 23:18:47 ----D---- C:\Program Files\AVS4YOU
2009-01-06 23:18:47 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-01-06 23:18:47 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-01-06 23:10:14 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2008-12-12 22:36:35 ----A---- C:\WINDOWS\system32\stlang.dll
2008-12-12 22:36:35 ----A---- C:\WINDOWS\system32\stacsv.exe
2008-12-12 22:36:35 ----A---- C:\WINDOWS\sttray.exe
2008-12-12 22:36:29 ----A---- C:\WINDOWS\system32\staco.dll
2008-12-12 22:35:58 ----A---- C:\WINDOWS\system32\stacapi.dll
2008-12-12 22:35:50 ----D---- C:\Program Files\SigmaTel
2008-12-12 20:50:00 ----RA---- C:\WINDOWS\system32\Prounstl.exe
2008-12-12 20:50:00 ----RA---- C:\WINDOWS\system32\e1000msg.dll
2008-12-12 20:43:55 ----D---- C:\Program Files\Intel
2008-12-12 20:43:55 ----A---- C:\WINDOWS\system32\CSVer.dll
2008-12-12 20:43:50 ----D---- C:\Intel
2008-12-12 20:41:58 ----D---- C:\TempEI4
2008-12-11 05:24:14 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-11 05:24:14 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-11 05:24:14 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-11 05:24:13 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-11 05:24:13 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-11 05:24:11 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-11 05:24:11 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-11 04:23:38 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-10 22:16:04 ----D---- C:\Program Files\KONAMI
2008-12-08 22:32:03 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2008-12-08 11:48:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938759$
2008-12-08 03:24:45 ----D---- C:\Program Files\Common Files\SpellEx
2008-12-08 03:22:07 ----D---- C:\WINDOWS\system32\URTTEMP
2008-12-08 01:20:08 ----D---- C:\Program Files\Rockstar Games
2008-12-06 02:24:39 ----D---- C:\Documents and Settings\Michael\Application Data\acccore
2008-12-06 02:23:41 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-06 02:23:17 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-12-06 02:23:17 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-06 02:22:51 ----D---- C:\Program Files\Common Files\AOL
2008-12-06 02:22:38 ----D---- C:\Program Files\AIM6
2008-12-01 20:37:37 ----D---- C:\Program Files\FreeMind
2008-12-01 11:53:16 ----A---- C:\WINDOWS\system32\amdcalrt.dll
2008-12-01 11:53:07 ----A---- C:\WINDOWS\system32\amdcalcl.dll
2008-12-01 11:50:36 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
2008-11-26 18:56:57 ----D---- C:\Program Files\BestGameEver
2008-11-22 05:02:57 ----D---- C:\Program Files\Adobe Media Player
2008-11-22 04:52:07 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-10 12:23:42 ----A---- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-11-10 12:23:38 ----A---- C:\WINDOWS\system32\ZuneBusEnum.exe

======List of files/folders modified in the last 3 months======

2009-02-09 10:40:32 ----SHD---- C:\WINDOWS\Installer
2009-02-09 10:40:32 ----SHD---- C:\Config.Msi
2009-02-09 10:40:32 ----D---- C:\WINDOWS
2009-02-09 10:27:57 ----D---- C:\Program Files\Mozilla Firefox
2009-02-09 10:07:16 ----RD---- C:\Program Files
2009-02-09 10:07:16 ----D---- C:\WINDOWS\system32
2009-02-09 10:06:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-09 10:00:01 ----D---- C:\Program Files\Java
2009-02-09 09:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 09:46:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-09 09:43:32 ----D---- C:\Documents and Settings\Michael\Application Data\Mozilla
2009-02-09 09:27:25 ----D---- C:\Program Files\Steam
2009-02-09 09:26:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-09 09:22:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-09 08:47:30 ----D---- C:\WINDOWS\system32\drivers
2009-02-09 08:41:11 ----A---- C:\WINDOWS\system.ini
2009-02-09 08:36:24 ----D---- C:\WINDOWS\system32\config
2009-02-09 08:34:03 ----D---- C:\WINDOWS\AppPatch
2009-02-09 08:34:03 ----D---- C:\Program Files\Common Files
2009-02-09 08:33:31 ----SD---- C:\WINDOWS\Tasks
2009-02-09 07:50:48 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-02-09 07:34:42 ----D---- C:\Program Files\Google
2009-02-09 06:30:24 ----RSH---- C:\boot.ini
2009-02-09 06:30:24 ----A---- C:\WINDOWS\win.ini
2009-02-09 06:06:11 ----D---- C:\WINDOWS\system32\appmgmt
2009-02-09 04:59:16 ----D---- C:\Program Files\Trainer Maker Kit
2009-02-09 04:04:03 ----D---- C:\Documents and Settings\Michael\Application Data\uTorrent
2009-02-09 02:33:19 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-09 02:21:11 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-09 02:20:45 ----RSD---- C:\WINDOWS\assembly
2009-02-09 01:41:07 ----D---- C:\WINDOWS\security
2009-02-09 01:40:35 ----A---- C:\WINDOWS\WININIT.INI
2009-02-09 01:23:06 ----D---- C:\Documents and Settings
2009-02-08 22:51:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-08 22:47:39 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-08 22:43:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-08 22:43:05 ----D---- C:\WINDOWS\WinSxS
2009-02-08 22:37:10 ----D---- C:\WINDOWS\Debug
2009-02-08 22:36:55 ----HD---- C:\WINDOWS\inf
2009-02-08 22:36:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-08 22:36:44 ----A---- C:\WINDOWS\imsins.BAK
2009-02-08 22:17:35 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-08 22:17:28 ----D---- C:\WINDOWS\Help
2009-02-08 22:17:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-08 22:12:56 ----D---- C:\WINDOWS\Minidump
2009-02-08 22:06:14 ----D---- C:\WINDOWS\Prefetch
2009-02-08 13:23:56 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-08 04:14:11 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-08 04:14:02 ----D---- C:\WINDOWS\system32\DirectX
2009-02-08 03:34:27 ----D---- C:\Documents and Settings\Michael\Application Data\FileZilla
2009-02-08 03:32:46 ----D---- C:\Program Files\Bethesda Softworks
2009-02-02 04:35:12 ----D---- C:\Documents and Settings\Michael\Application Data\mIRC
2009-02-01 19:07:10 ----D---- C:\Program Files\mIRC
2009-01-28 16:31:03 ----D---- C:\Program Files\EA GAMES
2009-01-28 16:25:25 ----D---- C:\Program Files\AGEIA Technologies
2009-01-26 17:49:48 ----D---- C:\Documents and Settings\Michael\Application Data\Adobe
2009-01-26 06:50:40 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-26 05:41:18 ----D---- C:\Fraps
2009-01-26 01:48:22 ----D---- C:\Program Files\QuickTime
2009-01-25 21:38:58 ----D---- C:\Program Files\Adobe
2009-01-25 21:30:45 ----D---- C:\Program Files\Common Files\Adobe
2009-01-25 19:23:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-25 18:59:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-25 04:26:13 ----D---- C:\Documents and Settings\Michael\Application Data\DAEMON Tools
2009-01-25 04:26:05 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-01-22 23:34:14 ----D---- C:\Program Files\Electronic Arts
2009-01-10 22:27:59 ----D---- C:\Documents and Settings\Michael\Application Data\Bioshock
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-07 17:12:03 ----D---- C:\Program Files\WMR11
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 22:22:54 ----D---- C:\WINDOWS\system32\RTCOM
2008-12-11 05:23:39 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-11 04:52:41 ----RSD---- C:\WINDOWS\Fonts
2008-12-11 03:16:30 ----D---- C:\Program Files\ATI Technologies
2008-12-11 02:51:14 ----D---- C:\WINDOWS\system32\Restore
2008-12-11 02:12:08 ----D---- C:\Program Files\Cheat Engine
2008-12-10 00:36:20 ----D---- C:\Program Files\Ubisoft
2008-12-08 03:24:45 ----D---- C:\Program Files\TI Education
2008-12-08 03:24:45 ----D---- C:\Program Files\Common Files\TI Shared
2008-12-08 03:23:04 ----D---- C:\WINDOWS\Registration
2008-12-08 03:07:49 ----D---- C:\WINDOWS\SxsCaPendDel
2008-12-08 03:05:33 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-12-08 02:43:16 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-08 02:43:00 ----D---- C:\WINDOWS\system32\en-US
2008-12-08 02:31:54 ----D---- C:\Program Files\Internet Explorer
2008-12-01 14:35:00 ----A---- C:\WINDOWS\system32\ati2sgag.exe
2008-12-01 12:52:52 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2008-12-01 12:51:31 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-01 12:46:17 ----A---- C:\WINDOWS\system32\atioglxx.dll
2008-12-01 12:41:02 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2008-12-01 12:40:49 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2008-12-01 12:40:41 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2008-12-01 12:40:32 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2008-12-01 12:40:14 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2008-12-01 12:38:42 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2008-12-01 12:37:21 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2008-12-01 12:27:53 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-12-01 12:19:53 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2008-12-01 12:11:54 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-01 11:57:33 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2008-12-01 11:53:36 ----A---- C:\WINDOWS\system32\atikvmag.dll
2008-12-01 11:52:12 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2008-12-01 11:52:02 ----A---- C:\WINDOWS\system32\atitvo32.dll
2008-12-01 11:50:52 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2008-12-01 11:45:32 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-27 15:30:00 ----D---- C:\Program Files\Zune
2008-11-27 15:29:03 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-22 12:56:25 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-13 06:11:58 ----A---- C:\WINDOWS\system32\wintrust.dll
2008-11-13 06:11:58 ----A---- C:\WINDOWS\system32\crypt32.dll
2008-11-10 12:09:42 ----A---- C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-11-10 12:09:42 ----A---- C:\WINDOWS\system32\ZuneTcp2Udp.dll
2008-11-10 12:09:40 ----A---- C:\WINDOWS\system32\ZuneRegUtil.dll
2008-11-10 12:09:40 ----A---- C:\WINDOWS\system32\ZunePTDNS.dll
2008-11-10 12:09:38 ----A---- C:\WINDOWS\system32\ZuneNetProxy.dll
2008-11-10 12:09:36 ----A---- C:\WINDOWS\system32\ZuneMTPZ.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-08-24 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-08-24 25416]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-11-14 254872]
R3 HabuFltr;Habu Mouse; C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 27776]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2007-11-14 54272]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-11-14 1222840]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
R4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta; C:\WINDOWS\system32\DRIVERS\dualshock3.sys [2008-11-22 11392]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 a4jweb09;a4jweb09; C:\WINDOWS\system32\drivers\a4jweb09.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-20 93696]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 FStarForce;FStarForce; C:\WINDOWS\system32\DRIVERS\FStarForce.sys [2008-10-24 9216]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
S3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\WINDOWS\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 uisp;Freescale USB JW32 driver; C:\WINDOWS\System32\Drivers\usbicp.sys [2005-12-21 14592]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-02-09 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-14 168432]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-09 152984]
R2 MSCamSvc;MSCamSvc; c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 NICSer_WUSBF54G;NICSer_WUSBF54G; C:\Program Files\Linksys\WUSBF54G\NICServ.exe [2005-10-20 530432]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-22 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-10-22 107832]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2007-11-14 94208]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-22 655624]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 LinksysUpdater;Linksys Updater; C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Edited by Mike Krell, 09 February 2009 - 01:43 PM.


#3 Mike Krell (Topic Starter)

Posted 09 February 2009 - 01:50 PM

Did full scan/quick scan with Malwarebytes + Spybot (normal) + Ad-Aware (smart scan & quick scan--not full) and all results come to ZERO infection :/ I really hate the French now for some reason..and I speak French lol


Also ran PC through ComboFix 2 additional times (after running it through for Virtumonde about 11 or 12 times lol)

Edited by Mike Krell, 09 February 2009 - 01:52 PM.


#4 Mike Krell (Topic Starter)

Posted 09 February 2009 - 07:18 PM

Also have more info: clickfraudmanager

Edited by Mike Krell, 09 February 2009 - 07:43 PM.


#5 Mike Krell (Topic Starter)

Posted 09 February 2009 - 07:40 PM

I have no idea what to do...tried everything. I mean..I DEFEATED Virtumonde..I would hate to format over a stupid browser redirect. Funny thing is...it only happens in Firefox (already tried uninstall/reinstall). Worst thing ever. : (

Edited by Mike Krell, 09 February 2009 - 07:44 PM.


#6 jpshortstuff (WhatTheTech Teacher)

Posted 10 February 2009 - 10:29 AM

Hi :thumbup2:

In Firefox, click Tools >> Add-Ons. Check for an entry called XUL Cache in either the Extensions heading or the Plugins heading. If it is there - remove it (uninstall), restart Firefox and then check for redirects. If not, don't worry, we'll find another way in.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done two logs should open:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#7 jpshortstuff (WhatTheTech Teacher)

Posted 24 February 2009 - 07:11 AM
Due to inactivity this topic is now closed.

If you need help please start a new topic.