
Unable to install any anti-virus software.


This topic is locked. 29 replies to this topic.

#1 IfIonlyknew
  • Members
  • 23 posts

Posted 13 February 2009 - 02:53 PM

First, I apologize for posting a new topic under "Security > AntiVirus, Firewall and Privacy Products and Protection Methods > Unable to install anti-virus software." This is what I posted in the first topic:
I first got an error message from my anti-virus (Trend Micro) which said I should reinstall the program. I uninstalled, then tried to reinstall and I get this error message: "unable to install the kernel drivers tmtdi.sys".
I tried installing AVG Free 8 and it won't install.
I ran Windows Defender, ComboFix and Malwarebytes. It still did not fix the problem.
I've searched around on the internet and am not sure if I should try anything else or if I am making the problem worse. I don't want to format my computer if possible.

Sorry, I forgot to mention that I am running Vista 32-bit SP1 and using Trend Micro PC-cillin Internet Security 14.


I read the forum guidelines and am now posting here to include the HijackThis and DDS logs.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:43 AM, on 2/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\hijackthis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Jam On\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Jam On\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8967 bytes



DDS log (the Attach log is included in the attachments):



DDS (Ver_09-02-01.01) - NTFSx86
Run by Jam On at 10:57:23.44 on Fri 02/13/2009
Internet Explorer: 8.0.6001.18372
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1808 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jam On\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080402
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080402
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-1 64160]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-10 124832]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-13 1153368]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-4-2 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-4-2 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-4-2 31616]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-2 30192]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-4-2 141376]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\drivers\SaiIFF04.sys [2009-2-5 16256]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-20 356920]
S3 usbsnoop;usbsnoop (display);c:\windows\system32\drivers\usbsnoop.sys [2009-2-5 40896]

=============== Created Last 30 ================

2009-02-13 10:49 <DIR> --d----- C:\hijackthis
2009-02-13 10:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-13 01:18 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 01:18 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 00:41 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-02-13 00:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-13 00:41 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-12 12:55 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-02-12 12:51 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-12 12:51 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-12 12:51 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-12 12:51 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-12 12:51 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-12 12:51 11,264 a------- c:\windows\system32\icardres.dll
2009-02-12 12:51 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-12 12:51 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-12 12:46 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-12 12:46 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-12 12:46 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-12 12:45 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-12 12:45 83,968 a------- c:\windows\system32\mscories.dll
2009-02-12 12:43 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-12 12:43 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-12 12:43 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-12 12:43 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-12 12:43 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-12 11:03 <DIR> --d----- C:\ComboFix
2009-02-11 10:14 <DIR> --d----- c:\programdata\WindowsSearch
2009-02-10 11:08 <DIR> --d----- c:\program files\LucasArts
2009-02-05 12:35 126,976 a------- c:\windows\system32\SaiQFF04.Dll
2009-02-05 12:35 16,256 a------- c:\windows\system32\drivers\SaiIFF04.sys
2009-02-05 12:35 <DIR> --d----- C:\Force RS
2009-02-05 10:32 40,896 a------- c:\windows\system32\drivers\usbsnoop.sys
2009-02-04 01:16 805,400 a----r-- c:\windows\system32\tmp276F.tmp
2009-02-04 01:14 805,400 a----r-- c:\windows\system32\tmp274F.tmp
2009-02-01 12:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-01 12:16 <DIR> --d----- c:\program files\Lavasoft
2009-01-28 01:17 <DIR> --d----- c:\program files\EA Games
2009-01-28 01:15 <DIR> --d----- c:\windows\system32\AGEIA
2009-01-28 01:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-27 15:01 <DIR> --d----- c:\windows\pss
2009-01-27 14:02 <DIR> --d----- c:\program files\MagicISO
2009-01-27 11:31 <DIR> --d----- c:\users\jamon~1\appdata\roaming\Disney Interactive Studios
2009-01-27 10:34 <DIR> --d----- c:\program files\Disney Interactive Studios
2009-01-27 10:32 1,048 a------- c:\windows\disney.ini
2009-01-26 11:07 <DIR> --d----- c:\programdata\Codemasters
2009-01-26 11:07 <DIR> --d----- c:\progra~2\Codemasters
2009-01-26 02:43 805,400 a----r-- c:\windows\system32\tmpF55A.tmp
2009-01-26 02:43 805,400 a----r-- c:\windows\system32\tmpA699.tmp
2009-01-26 02:43 805,400 a----r-- c:\windows\system32\tmp8E87.tmp
2009-01-26 02:43 805,400 a----r-- c:\windows\system32\tmp36C9.tmp
2009-01-26 02:43 805,400 a----r-- c:\windows\system32\tmp1D50.tmp
2009-01-26 02:43 <DIR> --d----- c:\program files\OpenAL
2009-01-26 02:41 805,400 a----r-- c:\windows\system32\tmpF51B.tmp
2009-01-26 01:56 <DIR> --d----- c:\program files\Codemasters
2009-01-26 01:43 802,816 a------- c:\windows\system32\imagXRA7.dll
2009-01-26 01:43 497,296 a------- c:\windows\system32\imagXpr7.dll
2009-01-26 01:43 368,640 a------- c:\windows\system32\TwnLib4.dll
2009-01-26 01:43 258,048 a------- c:\windows\system32\imagXR7.dll
2009-01-26 01:43 1,757,184 a------- c:\windows\system32\imagX7.dll
2009-01-26 01:43 <DIR> --d----- c:\programdata\Nero
2009-01-26 01:43 <DIR> --d----- c:\program files\Nero
2009-01-26 01:43 <DIR> --d----- c:\progra~2\Nero
2009-01-25 23:48 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-01-25 22:27 <DIR> --d----- c:\program files\City Interactive
2009-01-25 21:08 <DIR> --d----- c:\program files\Capcom
2009-01-25 11:04 2 a------- C:\149418224
2009-01-25 11:03 <DIR> --d----- c:\windows\system32\UZ
2009-01-25 11:03 <DIR> --d----- c:\temp\tmp90
2009-01-25 11:03 <DIR> --d----- C:\Temp
2009-01-24 11:30 <DIR> --d----- c:\program files\PostgreSQL
2009-01-24 11:25 <DIR> --d----- c:\program files\PokerTracker 3
2009-01-20 19:15 118 a------- c:\windows\system32\MRT.INI
2009-01-20 18:33 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-20 17:57 98,816 a------- c:\windows\sed.exe
2009-01-20 17:27 <DIR> --d----- c:\windows\system32\catroot2
2009-01-20 16:54 <DIR> --d----- c:\programdata\avg8
2009-01-20 16:54 <DIR> --d----- c:\progra~2\avg8
2009-01-20 14:13 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-20 14:13 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-20 14:13 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-20 14:13 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-20 14:13 <DIR> a-d----- c:\programdata\TEMP
2009-01-20 14:13 <DIR> --d----- c:\users\jamon~1\appdata\roaming\PC Tools
2009-01-20 14:13 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-20 14:12 <DIR> --d----- c:\windows\system32\runtime
2009-01-20 14:00 <DIR> --d----- c:\programdata\Google Updater
2009-01-16 20:28 <DIR> --d----- c:\program files\Microsoft Xbox 360 Accessories
2009-01-16 20:11 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-01-16 14:04 <DIR> --d----- c:\program files\iPod
2009-01-16 14:04 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 14:04 <DIR> --d----- c:\program files\iTunes
2009-01-16 14:04 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 02:22 <DIR> --d----- c:\programdata\Lavasoft
2009-01-15 17:43 1,516,032 a--shr-- c:\windows\wintask.exe
2009-01-15 02:10 <DIR> --d----- c:\users\jamon~1\appdata\roaming\Ubisoft
2009-01-15 02:06 <DIR> --d----- c:\programdata\Ubisoft

==================== Find3M ====================

2009-02-12 14:08 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-12 14:08 86,016 a------- c:\windows\inf\infstor.dat
2009-02-12 14:08 51,200 a------- c:\windows\inf\infpub.dat
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 02:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 02:04 109,056 a------- c:\windows\system32\iesysprep.dll
2009-01-15 02:04 132,096 a------- c:\windows\system32\ieUnatt.exe
2009-01-15 02:04 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-01-15 02:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-01-15 02:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-01-15 02:04 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-01-15 02:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 02:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 02:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 02:03 66,560 a------- c:\windows\system32\wextract.exe
2009-01-15 02:02 169,472 a------- c:\windows\system32\iexpress.exe
2009-01-15 02:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 02:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 01:50 156,160 a------- c:\windows\system32\msls31.dll
2008-12-20 21:21 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-20 21:21 22,328 a------- c:\users\jamon~1\appdata\roaming\PnkBstrK.sys
2008-12-20 21:21 103,736 a------- c:\windows\system32\PnkBstrB.exe
2008-12-18 18:01 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-16 09:53 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-11-26 00:45 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-09-27 10:28 174 a--sh--- c:\program files\desktop.ini
2008-09-27 10:20 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-02 07:27 76 a--shr-- c:\windows\CT4CET.bin

============= FINISH: 10:57:37.68 ===============

Thanks for the help in advance.
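A quick triage script for the two log formats posted above, added here by the editor; it is not part of the thread and not code from the HijackThis or DDS tools. It reads HijackThis O-lines and DDS "Created Last 30" lines and flags the entries a helper normally looks at first: a BHO whose DLL is missing, a service with no publisher, an autorun or IE hook pointing into a user-writable folder, an executable with the hidden or system attribute set, an extension-less file in the drive root, and .tmp files left in system32. The rules are the editor's own assumptions, so a hit is a candidate for manual review and not a malware verdict. The sample lines are copied from the posted logs, except the `[constructed]` O4 entry, which is made up to exercise the user-writable rule.

```python
"""Triage helper for HijackThis and DDS "Created Last 30" log lines.

Added example: editor's own code, not part of the thread and not from the
HijackThis or DDS tools. The heuristics are assumptions; a Finding marks a
line for manual review, it is not a malware verdict.
"""
import ntpath
import re
from dataclasses import dataclass

# HijackThis line, e.g. "O2 - BHO: Name - {CLSID} - C:\path\file.dll"
HJT_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.*)$")
# DDS created-file line, e.g. "2009-01-15 17:43 1,516,032 a--shr-- c:\windows\wintask.exe"
# The 8-char attribute field is read for the letters it contains (a, c, d, s, h, r);
# that reading is inferred from the posted log, not taken from a DDS spec.
DDS_RE = re.compile(
    r"^(?P<when>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+(?P<path>\S.*)$"
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ax", ".com"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\")  # assumed "suspicious if run from here"


@dataclass
class Finding:
    reason: str
    line: str


def triage_hjt(line: str):
    """Return a Finding for a suspicious HijackThis entry, else None."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O2" and body.lower().endswith("(no file)"):
        return Finding("BHO registered but its DLL is missing", line)
    if kind == "O23" and "Unknown owner" in body:
        return Finding("service with no publisher information", line)
    if kind in ("O4", "O9") and any(s in body.lower() for s in USER_WRITABLE):
        return Finding("autorun/IE hook pointing into a user-writable location", line)
    return None


def triage_dds(line: str):
    """Return a Finding for a suspicious DDS created-file entry, else None."""
    m = DDS_RE.match(line.strip())
    if not m or m.group("size") == "<DIR>":
        return None
    attrs, path = m.group("attrs"), m.group("path")
    parent, name = ntpath.split(path.lower())  # ntpath handles backslashes on any OS
    ext = ntpath.splitext(name)[1]
    if ext in EXEC_EXT and ("h" in attrs or "s" in attrs):
        return Finding("executable with hidden/system attribute set", line)
    if ext == "" and re.fullmatch(r"[a-z]:\\", parent):
        return Finding("extension-less file in the drive root", line)
    if ext == ".tmp" and parent.endswith("\\system32"):
        return Finding("temporary file left in system32", line)
    return None


def triage(lines):
    """Run both parsers over a mixed log dump; findings keep input order."""
    findings = []
    for line in lines:
        f = triage_hjt(line) or triage_dds(line)
        if f:
            findings.append(f)
    return findings


# Sample input: copied from the posted logs, plus one constructed O4 line
# (the "[constructed]" entry and its updater.exe path are made up).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [constructed] C:\Users\Jam On\AppData\Roaming\updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
2009-02-13 10:49 <DIR> --d----- C:\hijackthis
2009-01-15 17:43 1,516,032 a--shr-- c:\windows\wintask.exe
2009-01-25 11:04 2 a------- C:\149418224
2009-02-04 01:16 805,400 a----r-- c:\windows\system32\tmp276F.tmp
2009-01-20 18:33 288,768 a------- c:\windows\system32\drivers\srv.sys
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

Run it against a full log by reading the file into `triage()`; everything it prints still needs a human to check the file's signature, publisher and hash before anything is removed.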

Attached Files


#2 KoanYorel
    Bleepin' Conundrum
  • Members
  • 19,461 posts
  • Gender: Male
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA

Posted 25 February 2009 - 07:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 IfIonlyknew
  • Topic Starter
  • Members
  • 23 posts

Posted 26 February 2009 - 01:32 AM

I wanted to mention that I currently do not have any av program installed. After I uninstalled Trend Micro, I could not reinstall it or any other free av program.

Here is the info:



DDS (Ver_09-02-01.01) - NTFSx86
Run by Jam On at 22:24:22.75 on Wed 02/25/2009
Internet Explorer: 8.0.6001.18372
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2245 [GMT -8:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jam On\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4E7K35ZB\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080402
uSearch Bar = Preserve
uWindow Title = Internet Explorer provided by Dell
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080402
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-1 64160]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-10 124832]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-13 1153368]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-4-2 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-4-2 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-4-2 31616]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-2 30192]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-4-2 141376]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\system32\drivers\SaiIFF04.sys [2009-2-5 16256]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-20 356920]
S3 usbsnoop;usbsnoop (display);c:\windows\system32\drivers\usbsnoop.sys [2009-2-5 40896]

=============== Created Last 30 ================

2009-02-16 14:22 339,111,494 a------- c:\windows\MEMORY.DMP
2009-02-13 10:49 <DIR> --d----- C:\hijackthis
2009-02-13 10:21 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-13 01:18 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 01:18 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 00:41 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-02-13 00:41 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-13 00:41 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-02-12 12:55 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-02-12 12:51 622,080 a------- c:\windows\system32\icardagt.exe
2009-02-12 12:51 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-12 12:51 97,800 a------- c:\windows\system32\infocardapi.dll
2009-02-12 12:51 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-02-12 12:51 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-02-12 12:51 11,264 a------- c:\windows\system32\icardres.dll
2009-02-12 12:51 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-02-12 12:51 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-02-12 12:46 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-12 12:46 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-12 12:46 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-12 12:45 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-12 12:45 83,968 a------- c:\windows\system32\mscories.dll
2009-02-12 12:43 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-12 12:43 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-12 12:43 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-12 12:43 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-12 12:43 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-12 11:03 <DIR> --d----- C:\ComboFix
2009-02-11 10:14 <DIR> --d----- c:\programdata\WindowsSearch
2009-02-10 11:08 <DIR> --d----- c:\program files\LucasArts
2009-02-05 12:35 126,976 a------- c:\windows\system32\SaiQFF04.Dll
2009-02-05 12:35 16,256 a------- c:\windows\system32\drivers\SaiIFF04.sys
2009-02-05 12:35 <DIR> --d----- C:\Force RS
2009-02-05 10:32 40,896 a------- c:\windows\system32\drivers\usbsnoop.sys
2009-02-04 01:16 805,400 a----r-- c:\windows\system32\tmp276F.tmp
2009-02-04 01:14 805,400 a----r-- c:\windows\system32\tmp274F.tmp
2009-02-01 12:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-01 12:16 <DIR> --d----- c:\program files\Lavasoft
2009-01-28 01:17 <DIR> --d----- c:\program files\EA Games
2009-01-28 01:15 <DIR> --d----- c:\windows\system32\AGEIA
2009-01-28 01:15 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-27 15:01 <DIR> --d----- c:\windows\pss
2009-01-27 14:02 <DIR> --d----- c:\program files\MagicISO
2009-01-27 11:31 <DIR> --d----- c:\users\jamon~1\appdata\roaming\Disney Interactive Studios
2009-01-27 10:34 <DIR> --d----- c:\program files\Disney Interactive Studios
2009-01-27 10:32 1,048 a------- c:\windows\disney.ini

==================== Find3M ====================

2009-02-12 14:08 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-12 14:08 86,016 a------- c:\windows\inf\infstor.dat
2009-02-12 14:08 51,200 a------- c:\windows\inf\infpub.dat
2009-01-16 20:11 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-01-15 17:43 1,516,032 a--shr-- c:\windows\wintask.exe
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 02:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 02:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 02:04 109,056 a------- c:\windows\system32\iesysprep.dll
2009-01-15 02:04 132,096 a------- c:\windows\system32\ieUnatt.exe
2009-01-15 02:04 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-01-15 02:04 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-01-15 02:04 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-01-15 02:04 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-01-15 02:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 02:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 02:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 02:03 66,560 a------- c:\windows\system32\wextract.exe
2009-01-15 02:02 169,472 a------- c:\windows\system32\iexpress.exe
2009-01-15 02:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 02:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 02:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 01:50 156,160 a------- c:\windows\system32\msls31.dll
2008-12-20 21:21 22,328 a------- c:\users\jamon~1\appdata\roaming\PnkBstrK.sys
2008-12-20 21:21 103,736 a------- c:\windows\system32\PnkBstrB.exe
2008-12-18 18:01 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-09-27 10:28 174 a--sh--- c:\program files\desktop.ini
2008-09-27 10:20 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-02 07:27 76 a--shr-- c:\windows\CT4CET.bin

============= FINISH: 22:24:40.65 ===============
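The file listings above ("Created Last 30" and "Find3M") are what a helper reads first. As an added example that is not part of this thread and not the DDS tool's own code, here is a small Python triage script that parses that entry format and flags entries worth a second look (hidden+system executables in the Windows tree, stray .tmp files in system32); the sample lines are constructed from the log above, and c:\windows\wintask.exe, which it flags, is the file the Kaspersky report later in the thread names as Packed.Win32.PePatch.bq.

```python
"""Triage helper for DDS log file listings ("Created Last 30" / "Find3M" sections).

Added example for this thread; not the DDS tool's own code. It only surfaces
entries worth a second look, it does not decide that anything is malicious.
"""
import re
from typing import Dict, List, Optional

# One DDS listing line: <date> <time> <size or <DIR>> <8-char attribute flags> <path>
# Attribute flag letters seen in DDS output: a=archive, c=compressed, d=directory,
# s=system, h=hidden, r=read-only; '-' means the flag is not set.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+)$"
)

# Extensions of files that get executed or loaded. A hidden+system file with one
# of these extensions in the Windows tree is unusual enough to review.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ax")

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
==================== Find3M ====================

2009-02-12 14:08 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-16 20:11 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-01-15 17:43 1,516,032 a--shr-- c:\windows\wintask.exe
2009-01-15 02:05 911,872 a------- c:\windows\system32\wininet.dll
2009-02-04 01:16 805,400 a----r-- c:\windows\system32\tmp276F.tmp
2009-02-13 10:49 <DIR> --d----- C:\hijackthis
2008-09-27 10:28 174 a--sh--- c:\program files\desktop.ini
2008-04-02 07:27 76 a--shr-- c:\windows\CT4CET.bin
"""


def parse_entries(log: str) -> List[Dict[str, object]]:
    """Return one dict per listing line; section headers and blank lines are skipped."""
    entries: List[Dict[str, object]] = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        e: Dict[str, object] = dict(m.groupdict())
        # "<DIR>" entries carry no size; file sizes are printed with thousands separators.
        size: Optional[int] = None if e["size"] == "<DIR>" else int(str(e["size"]).replace(",", ""))
        e["size"] = size
        entries.append(e)
    return entries


def triage(log: str) -> List[Dict[str, str]]:
    """Flag file entries worth reviewing, in log order, each with its reason."""
    findings: List[Dict[str, str]] = []
    for e in parse_entries(log):
        attrs = str(e["attrs"])
        path = str(e["path"])
        low = path.lower()
        if "d" in attrs or not low.startswith("c:\\windows\\"):
            continue  # directories and files outside the Windows tree are out of scope here
        if "s" in attrs and "h" in attrs and low.endswith(EXEC_EXT):
            reason = "hidden+system executable in the Windows tree"
        elif low.startswith("c:\\windows\\system32\\") and low.endswith(".tmp"):
            reason = ".tmp file left in system32"
        else:
            continue
        findings.append({"path": path, "attrs": attrs, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f['attrs']}  {f['path']}  <- {f['reason']}")
```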

#4 IfIonlyknew

IfIonlyknew
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:38 PM

Posted 26 February 2009 - 01:33 AM

Sorry, forgot to attach the other log.

Attached Files



#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:38 PM

Posted 26 February 2009 - 07:55 AM

Hi IfIonlyknew,

Once more apologies for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow users to share files between them, as the name suggests. In today's world cybercrime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Empty all p2p (uTorrent, etc...) download folders. They might contain infected files. Please avoid using these p2p applications or uninstall them altogether. Using these applications might lead to reinfection or infecting other users. Using these applications is generally a risky job, but it is suicidal if you don't have a proper antivirus on your system.

  • Since you don't have an antivirus, minimize connecting to the internet. Our first priority is to install an antivirus. Tell me if you already have a paid antivirus; otherwise we will try a good free antivirus.

  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instruction is also here: How to disable TeaTimer during HijackThis Cleanup

      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    • Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, right-click the link and choose "Save Link As".)
      • Double-click ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.

  • If the following application is installed on the computer (it comes preinstalled with Dell computers) without your consent you may go to Add/Remove programs and uninstall it:

    Browser Address Error Redirector

  • This small application you may want to keep and use to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • You mentioned running ComboFix. I need to see its log. You can find it here:

    C:\Qoobox\combofixX.txt (note that X is a number, if you have run it more than once post the log with the highest number. If you have run Combofix just once the log will be here: C:\Combofix.txt)

  • Please copy and paste a fresh Hijackthis log to your reply.
Please include in your next reply:
  • The log of MBAM.
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#6 IfIonlyknew

IfIonlyknew
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:38 PM

Posted 27 February 2009 - 01:32 AM

Hi Farbar,

I have Trend Micro PC-cillin Internet Security 14 that came bundled with my computer. It expires sometime in 2010.

I followed all the instructions all the way up to "Please do a scan with Kaspersky Online Scanner". I had some problems and got stuck here. Regarding the part: "Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan".... I wasn't sure if I did this right. I had to click the "Kaspersky link" and copy the web address, close my browser and open it again via right click, "run as admin.", then pasted the web link.

So I get to Kaspersky online and the "accept" button on the webpage will not highlight (screenshot attached). I then get an error message (attached) that says "I have to install Java 1.6 or later".

I head to Java.com and click update, and it says I have 1.6 oem and suggests an update. I go through the update process, close my browser and restart, and go back to Java to verify installation. I run "Java version verify" and a message window appears (attached). I tried both run and cancel. I tried clicking "Run" first but it keeps showing that I need to update (attached). I tried clicking "cancel" and nothing happens.

So I stopped and have not done anything further.

I am including the Malware log that I completed in the previous steps. I also uninstalled Dell browser redirect.


Malwarebytes' Anti-Malware 1.34
Database version: 1807
Windows 6.0.6001 Service Pack 1

2/26/2009 6:52:07 PM
mbam-log-2009-02-26 (18-52-07).txt

Scan type: Quick Scan
Objects scanned: 71808
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files



#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:38 PM

Posted 27 February 2009 - 05:43 AM

Nice job providing those screenshots.

Let see if you can install Java and proceed with Kaspersky scan:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 12".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java or Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.


#8 IfIonlyknew

IfIonlyknew
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:38 PM

Posted 27 February 2009 - 01:36 PM

I followed your latest instructions and everything went smooth with uninstalling any Java (restart comp.), and installing the offline update went through with no problems.

Note: I included a screenshot of the "Add/remove programs" window before I uninstalled Java. It shows that I had Java 6 and update, but does not show any entry with "Java 1.6". I uninstalled anyway.

I assumed that if I got Java to install, that I should move to next step "Kaspersky Online Scanner".

I am getting the same thing. Not able to click the "accept" button (Kaspersky Online) and the Java error message comes up again saying that I need "java 1.6 or later".

Attached Files



#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:38 PM

Posted 27 February 2009 - 05:28 PM

  • Please post the Combofix log as requested before.

  • Please download OTListIt2 by OldTimer.
    • Save it to your desktop.
    • Double click on the OTListIt2 icon on your desktop.
      • Click the "Scan All Users" checkbox.
      • Check under Services All.
      • Set Extra Registry to Use Safelist
      • Check the boxes next to LOP Check and Purity Check.
    • Click Run Scan button.
    • Two reports will open, please attach them to your reply:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
  • To remove temporary files, disable browser add-ons, and reset all the changed settings:
    • Close all the open windows.
    • Go to start > Control Panel.
    • Open Internet Options.
    • Click the Advanced tab, and then click Reset.
    • Click Reset again and OK.
  • Now right-click IE shortcut to run it as administrator and try Kaspersky online scanner once more.


#10 IfIonlyknew

IfIonlyknew
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:38 PM

Posted 28 February 2009 - 02:12 AM

Farbar:

After following your last instructions I was able to "accept" Kaspersky Online and scan my computer.

I included the Kaspersky, ComboFix, and a fresh HiJack log. I've attached "OTlistit.txt" and I had to post the "Extras.txt" because I don't have enough attachment space.

Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, February 27, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, February 28, 2009 00:39:57
Records in database: 1854199
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\

Scan statistics:
Files scanned: 325070
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 05:51:33


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\gaopdxmvqstuty.dll.vir Infected: Packed.Win32.Tdss.c 1
C:\Windows\wintask.exe Infected: Packed.Win32.PePatch.bq 1

The selected area was scanned.



COMBO FIX Log:

ComboFix 09-01-19.05 - Jam On 2009-01-20 18:16:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2051 [GMT -8:00]
Running from: c:\users\Jam On\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated)
FW: PC-cillin Internet Security - Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ap1.exe
c:\windows\system32\ap2.exe
c:\windows\system32\ap3.exe
c:\windows\system32\drivers\gaopdxbwpcnsoe.sys
c:\windows\system32\gaopdxmvqstuty.dll
D:\resycled
d:\resycled\boot.com
K:\resycled
k:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-20 18:06 . 2009-01-20 18:06 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-20 17:27 . 2009-01-20 17:31 <DIR> d-------- c:\windows\System32\catroot2
2009-01-20 16:54 . 2009-01-20 16:54 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-01-20 16:54 . 2009-01-20 16:58 <DIR> d-------- c:\users\All Users\avg8
2009-01-20 16:54 . 2009-01-20 16:58 <DIR> d-------- c:\programdata\avg8
2009-01-20 16:54 . 2009-01-20 16:54 <DIR> d-------- c:\program files\AVG
2009-01-20 16:54 . 2009-01-20 16:54 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-01-20 16:54 . 2009-01-20 16:54 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2009-01-20 16:54 . 2009-01-20 16:54 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-01-20 16:43 . 2009-01-20 16:44 338,820,678 --a------ c:\windows\MEMORY.DMP
2009-01-20 14:13 . 2009-01-20 14:13 <DIR> d-------- c:\users\Jam On\AppData\Roaming\PC Tools
2009-01-20 14:13 . 2009-01-20 17:50 <DIR> d-a------ c:\users\All Users\TEMP
2009-01-20 14:13 . 2009-01-20 17:50 <DIR> d-a------ c:\programdata\TEMP
2009-01-20 14:13 . 2009-01-20 14:39 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-20 14:13 . 2009-01-20 15:30 <DIR> d-------- c:\program files\Norton Security Scan
2009-01-20 14:13 . 2009-01-20 14:13 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-01-20 14:13 . 2008-06-10 21:22 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2009-01-20 14:13 . 2008-06-02 15:19 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2009-01-20 14:13 . 2008-06-02 15:19 42,376 --a------ c:\windows\System32\drivers\ikfilesec.sys
2009-01-20 14:13 . 2008-06-02 15:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2009-01-20 14:12 . 2009-01-20 14:12 <DIR> d-------- c:\windows\System32\runtime
2009-01-20 14:00 . 2009-01-20 15:00 <DIR> d-------- c:\users\All Users\Google Updater
2009-01-20 14:00 . 2009-01-20 15:00 <DIR> d-------- c:\programdata\Google Updater
2009-01-17 10:24 . 2009-01-17 10:24 <DIR> d-------- c:\users\Tilly\AppData\Roaming\Yahoo!
2009-01-16 20:28 . 2009-01-16 20:28 <DIR> d-------- c:\program files\Microsoft Xbox 360 Accessories
2009-01-16 20:11 . 2009-01-16 20:11 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-01-16 14:04 . 2009-01-16 14:04 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 14:04 . 2009-01-16 14:04 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 14:04 . 2009-01-16 14:04 <DIR> d-------- c:\program files\iTunes
2009-01-16 14:04 . 2009-01-16 14:04 <DIR> d-------- c:\program files\iPod
2009-01-16 14:02 . 2009-01-16 14:03 <DIR> d-------- c:\program files\QuickTime
2009-01-16 10:26 . 2009-01-16 10:26 <DIR> d-------- c:\program files\CCleaner
2009-01-16 02:22 . 2009-01-16 02:23 <DIR> d-------- c:\users\All Users\Lavasoft
2009-01-16 02:22 . 2009-01-16 02:23 <DIR> d-------- c:\programdata\Lavasoft
2009-01-16 02:22 . 2009-01-16 02:22 <DIR> d-------- c:\program files\Lavasoft
2009-01-16 02:21 . 2009-01-16 02:21 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-15 13:51 . 2009-01-15 13:51 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2009-01-15 13:51 . 2009-01-15 13:51 <DIR> d-------- c:\programdata\Yahoo! Companion
2009-01-15 02:10 . 2009-01-15 02:10 <DIR> d-------- c:\users\Jam On\AppData\Roaming\Ubisoft
2009-01-15 02:06 . 2009-01-15 02:06 <DIR> d-------- c:\users\All Users\Ubisoft
2009-01-15 02:06 . 2009-01-15 02:06 <DIR> d-------- c:\programdata\Ubisoft
2009-01-14 12:12 . 2009-01-14 12:12 <DIR> d-------- c:\program files\SEGA
2009-01-14 01:32 . 2009-01-14 01:32 <DIR> d-------- c:\program files\EA Sports
2009-01-10 18:27 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll
2009-01-10 18:27 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\System32\D3DCompiler_39.dll
2009-01-10 18:27 . 2008-07-31 10:40 509,448 --a------ c:\windows\System32\XAudio2_2.dll
2009-01-10 18:27 . 2008-07-12 08:18 467,984 --a------ c:\windows\System32\d3dx10_39.dll
2009-01-10 18:27 . 2008-07-31 10:41 238,088 --a------ c:\windows\System32\xactengine3_2.dll
2009-01-10 18:27 . 2008-07-31 10:41 68,616 --a------ c:\windows\System32\XAPOFX1_1.dll
2009-01-10 17:59 . 2009-01-10 17:59 <DIR> d-------- c:\users\Jam On\AppData\Roaming\Capcom
2009-01-08 17:57 . 2009-01-08 17:57 <DIR> d-------- c:\windows\System32\Brain Trainer 2
2009-01-08 17:51 . 2009-01-08 17:51 <DIR> d-------- c:\windows\System32\Brain Trainer
2009-01-08 17:51 . 2009-01-08 17:57 <DIR> d-------- c:\program files\Mindscape
2009-01-08 01:53 . 2009-01-08 01:53 <DIR> d--h-c--- c:\users\All Users\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-01-08 01:53 . 2009-01-08 01:53 <DIR> d--h-c--- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-01-08 01:37 . 2009-01-08 01:37 3,888 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-01-07 12:04 . 2009-01-07 16:51 <DIR> d-------- c:\program files\Atari
2009-01-05 19:09 . 2009-01-05 19:09 <DIR> d-------- c:\program files\Adobe Media Player
2009-01-05 19:06 . 2009-01-05 19:06 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-05 02:09 . 2009-01-05 12:31 <DIR> d-------- c:\users\All Users\Autodesk
2009-01-05 02:09 . 2009-01-05 12:31 <DIR> d-------- c:\programdata\Autodesk
2009-01-05 02:05 . 2009-01-05 13:32 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2009-01-04 16:00 . 2009-01-05 02:08 <DIR> d-------- c:\program files\Autodesk
2008-12-30 11:11 . 2008-12-30 11:11 <DIR> d-------- c:\users\Tilly\AppData\Roaming\Malwarebytes
2008-12-28 20:23 . 2008-12-28 20:23 <DIR> d-------- c:\users\All Users\2DBoy
2008-12-28 20:23 . 2008-12-28 20:23 <DIR> d-------- c:\programdata\2DBoy
2008-12-28 20:23 . 2008-12-28 20:23 <DIR> d-------- c:\program files\WorldOfGoo
2008-12-28 18:15 . 2008-12-28 18:15 <DIR> d-------- c:\users\Tilly\AppData\Roaming\InstallShield
2008-12-28 18:15 . 2008-12-28 18:15 <DIR> d-------- c:\users\Tilly\AppData\Roaming\DAEMON Tools Pro
2008-12-28 18:15 . 2008-12-28 18:15 <DIR> d-------- c:\users\Tilly\AppData\Roaming\DAEMON Tools Lite
2008-12-28 18:15 . 2008-12-28 18:15 <DIR> d-------- c:\users\Tilly\AppData\Roaming\DAEMON Tools
2008-12-27 15:54 . 2009-01-07 19:03 <DIR> d-------- c:\users\All Users\FLEXnet
2008-12-27 15:54 . 2009-01-07 19:03 <DIR> d-------- c:\programdata\FLEXnet
2008-12-27 11:51 . 2008-12-27 11:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2008-12-27 11:51 . 2008-12-27 11:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2008-12-27 11:51 . 2008-12-27 11:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2008-12-27 11:51 . 2008-12-27 11:51 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2008-12-27 11:51 . 2008-12-27 11:51 <DIR> d-------- c:\users\All Users\Electronic Arts
2008-12-27 11:51 . 2008-12-27 11:51 <DIR> d-------- c:\programdata\Electronic Arts
2008-12-27 10:14 . 2008-12-27 10:14 <DIR> d-------- c:\users\Jam On\AppData\Roaming\HandBrake
2008-12-27 09:59 . 2008-12-27 09:59 <DIR> d-------- c:\program files\HandBrake
2008-12-25 22:29 . 2008-12-25 22:29 <DIR> d-------- c:\users\Jam On\AppData\Roaming\Malwarebytes
2008-12-25 22:29 . 2008-12-25 22:29 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-25 22:29 . 2008-12-25 22:29 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-25 22:29 . 2008-12-25 22:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-25 22:29 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-25 22:29 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-23 11:13 . 2008-12-23 11:13 <DIR> d-------- c:\program files\Bethesda Softworks
2008-12-23 11:10 . 2008-12-23 11:10 <DIR> d-------- c:\windows\System32\xlive
2008-12-22 02:50 . 2008-12-22 02:50 <DIR> d--h----- c:\users\All Users\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-12-22 02:50 . 2008-12-22 02:50 <DIR> d--h----- c:\programdata\{0E8E33D8-193A-414A-A909-0F101A142D26}
2008-12-22 02:44 . 2008-12-22 02:44 <DIR> d-------- c:\program files\Stardock Games
2008-12-21 12:55 . 2008-12-21 12:55 <DIR> d-------- c:\program files\Telltale

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 22:13 --------- d-----w c:\program files\Google
2009-01-20 10:08 --------- d-----w c:\users\Jam On\AppData\Roaming\uTorrent
2009-01-20 10:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-20 09:22 --------- d-----w c:\program files\Electronic Arts
2009-01-16 22:04 --------- d-----w c:\program files\Common Files\Apple
2009-01-15 21:51 --------- d-----w c:\program files\Yahoo!
2009-01-15 21:50 --------- d-----w c:\programdata\Yahoo!
2009-01-15 09:52 --------- d-----w c:\program files\Ubisoft
2009-01-14 20:11 --------- d-----w c:\users\Jam On\AppData\Roaming\InstallShield
2009-01-06 03:41 --------- d-----w c:\program files\Common Files\Adobe
2008-12-28 19:25 --------- d-----w c:\programdata\Roxio
2008-12-21 05:21 669,184 ----a-w c:\windows\System32\pbsvc.exe
2008-12-21 05:21 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-21 05:21 22,328 ----a-w c:\users\Jam On\AppData\Roaming\PnkBstrK.sys
2008-12-21 05:21 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-12-21 05:19 --------- d-----w c:\programdata\Media Center Programs
2008-12-20 21:44 --------- d-----w c:\users\Jam On\AppData\Roaming\Roxio
2008-12-20 20:57 --------- d-----w c:\users\Jam On\AppData\Roaming\Stardock
2008-12-20 20:56 --------- dc-h--w c:\programdata\{1EB63B4B-5639-4477-8E24-05C31B5F8019}
2008-12-20 20:56 --------- d-----w c:\program files\Stardock
2008-12-20 20:55 --------- d-----w c:\programdata\Stardock
2008-12-20 20:55 --------- d-----w c:\program files\Kalypso
2008-12-19 02:05 --------- d--h--r c:\users\Jam On\AppData\Roaming\SecuROM
2008-12-19 02:01 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-12-16 18:09 --------- d-----w c:\program files\NovaLogic
2008-12-16 18:07 --------- d-----w c:\users\Jam On\AppData\Roaming\DAEMON Tools Lite
2008-12-16 17:58 --------- d-----w c:\users\Jam On\AppData\Roaming\DAEMON Tools Pro
2008-12-16 17:58 --------- d-----w c:\users\Jam On\AppData\Roaming\DAEMON Tools
2008-12-16 17:57 --------- d-----w c:\programdata\DAEMON Tools Lite
2008-12-16 17:57 --------- d-----w c:\program files\DAEMON Tools Lite
2008-12-16 17:53 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-11 17:32 --------- d-----w c:\program files\Windows Mail
2008-12-11 17:29 --------- d-----w c:\programdata\Microsoft Help
2008-12-07 22:25 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-27 01:42 36,368 ----a-w c:\windows\system32\drivers\tmpreflt.sys
2008-11-27 01:42 205,328 ----a-w c:\windows\system32\drivers\tmxpflt.sys
2008-11-27 01:39 1,195,384 ----a-w c:\windows\system32\drivers\vsapint.sys
2008-11-26 09:36 --------- d-----w c:\programdata\NVIDIA
2008-11-26 09:29 0 ---ha-w c:\windows\system32\drivers\Msft_User_AuxiliaryDisplayEnhancedDriver_01_00_00.Wdf
2008-11-26 09:27 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-26 08:45 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-11-26 08:16 --------- d-----w c:\users\Jam On\AppData\Roaming\Turbine
2008-11-26 07:22 --------- d-----w c:\program files\Activision
2008-11-22 17:27 --------- d-----w c:\users\Tilly\AppData\Roaming\ArcSoft
2008-11-21 19:31 --------- d-----w c:\users\Jam On\AppData\Roaming\ArcSoft
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-09-27 18:28 174 --sha-w c:\program files\desktop.ini
2008-04-02 15:27 76 --sha-r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-02 68856]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-01-08 4363504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-20 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-21 36864]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-20 1261336]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 c:\windows\System32\HCIMNTR.DLL]

c:\users\Jam On\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-12-16 256000]
Registration Assassin's Creed.LNK - c:\program files\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe [2009-01-15 967304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 715568]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G G

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E0130A23-8425-4D24-8D06-DDF86EE6E0DF}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{878E3448-1256-418D-94BA-B21C86A04842}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{B74C9EB7-BEB5-4310-BBFD-913BBB35ACE5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DF1296FD-F3AD-40F9-80C4-D48E7A6C536F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{455AA0D2-C7EB-4A30-ADBF-A6F03E0190F6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{25511AFD-FD47-4352-80A1-26F7CDA8AEBC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A23908EA-2DF9-4757-B45E-2FDBDFCD7114}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{CA28E897-8BA6-4564-97F3-143D0E4628E0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5132C1EC-ADCE-49F8-94E9-F20BCBE73C73}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D6EA6609-F086-4F15-A4BF-37935141F8FC}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C9BCE54C-BE76-456C-B65B-E58CABB8D35D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D5E0BC5C-16B6-4AC7-8939-EF9EF0923817}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4A15F9FC-8D87-4469-BD2E-9E829B57EDD1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{64B2CE1E-5109-4062-A757-A1BC083A38BB}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{25C2C39D-E992-4A58-8A40-BB14E1886C73}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{652785E6-73FA-4D62-8B03-EF7026552815}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{FEFC5330-F07B-45C3-9785-8BCD1ECBDE78}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{24344D2E-6102-4555-AD4F-B2BD204E4F62}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{013AFABB-21C5-41BE-B32E-C4A89A2D7329}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{3530F750-AF62-4B3B-9FB0-F7D021B1853E}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{54BB99C8-48BA-4F60-8C4D-BD3A75EC9B24}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{986F42CD-1AF9-4036-9181-A708CA764953}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{68E6757C-080D-4ECB-8E25-E1282006876E}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A87604A9-35B0-4DAF-A28B-68D5549A9B48}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2D0290A7-77DE-4CF3-AEC2-78237039E892}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{AFB74A05-DA3B-48B7-97D2-CA37587B3F89}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{62C97F1D-0F9F-4804-A86A-B268C9604164}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{846ADF7B-DD1D-4308-988A-9852FB0F072D}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{F46871DA-1508-435C-9E33-C368BCC9D7B6}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{3BB69371-67CB-4DCA-A1FA-39572639B39D}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{775771FA-AF60-4A15-A3DF-06943E50B63F}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{EFC6E9E4-5F1A-4E98-874C-71574ED20B38}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{7BDAA3B1-4F6A-457D-9767-5D953446D6EC}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{1332A507-683A-40CC-9EE5-A84FBABF7472}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{1C368D8F-F768-478E-A949-469CD9F30584}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{B76E7E2C-74C8-4EE7-B52C-12B2D710167A}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{24FB2849-B10E-4D49-83B2-78A886B80643}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{D875D094-0787-4F92-A3EF-AEA48E194EE8}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{DB1F9A53-4DE2-4EBE-83A2-34DFEF1DE50A}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{0A692E49-A389-4055-AF26-306DE0B4B614}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{18AFBFC9-E7A0-4C85-8AAB-EE093AB80F86}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{1F8C5077-250D-4A85-ABEA-F2BB0DD9AC18}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{5DC54F14-A22E-4FA7-B7F9-4E7F0D0E1280}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{4C81A593-386D-42ED-AE02-46B088BED0E1}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{2FC883F0-BC03-4CE3-AB64-3A6B37C478C9}"= UDP:5353:Adobe CSI CS4
"{7A638391-47EF-486C-B070-945E56AF8A54}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3FDC90F0-7121-4D2B-8662-9394DAEF92BC}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{41D78E39-862F-456B-9E67-F76479CFA1DB}"= UDP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{11E4A31D-A0DC-41A6-9502-47A4272352DC}"= TCP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{EDD4D3E2-4935-40F3-A3EC-96D6A3C5FE0A}"= UDP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{BC20D96C-1634-4A4E-AC90-3180BE081482}"= TCP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{C0074B72-DCB7-4B02-863A-353EECCBB18E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C937013A-8034-45AC-B775-C5F1C01D8764}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{56855343-8B64-4A2E-B5C3-51861579C9A6}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{776F0697-6D8C-4ABA-A322-79CED93C782C}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DBB8DF99-E6A1-4B04-9513-91215A84728A}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A7BBA34A-D1D6-48B0-80F6-4FC4ACC13288}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A3F65F09-30F6-4D83-9752-DC3470E963DD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CC5D4F51-CA25-4DDF-BE11-62E2B7CD8E3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2DDC3C1-3ECD-40BA-832B-2971B0410D36}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{05716B9F-3476-454C-9E63-7FAE18ED21A7}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-20 97928]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\System32\drivers\avgwfpx.sys [2009-01-20 69128]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\System32\drivers\OEM05Vfx.sys [2008-04-02 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\System32\drivers\OEM05Vid.sys [2008-04-02 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\System32\drivers\livecamv.sys [2008-04-02 31616]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\System32\drivers\TM_CFW.sys [2008-04-02 280392]
R4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-20 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-20 231704]
R4 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2008-04-02 36368]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-02 30192]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\System32\drivers\OEM05Afx.sys [2008-04-02 141376]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-01-15 c:\windows\Tasks\EasyShare Registration Task.job
- c:\progra~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16 []

2008-12-21 c:\windows\Tasks\iavyczke.job
- c:\users\JAMON~1\AppData\Local\Temp\vtUnolKa.dll []

2008-12-22 c:\windows\Tasks\lwonwiku.job
- c:\users\Tilly\AppData\Local\Temp\pmnkHATj.dll []

2009-01-20 c:\windows\Tasks\Norton Security Scan for Jam On.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080402
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080402
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 18:22:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-01-20 18:24:25
ComboFix-quarantined-files.txt 2009-01-21 02:24:22

Pre-Run: 73,824,514,048 bytes free
Post-Run: 74,266,714,112 bytes free

349


HIJACK Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:44 PM, on 2/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.234.127.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Jam On\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Jam On\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8617 bytes



Extras Text File:

OTListIt Extras logfile created on: 2/27/2009 3:58:27 PM - Run
OTListIt2 by OldTimer - Version 2.0.2.0 Folder = C:\Users\Jam On\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 88.48 Gb Free Space | 19.63% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 5.02 Gb Free Space | 33.43% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMON-PC
Current User Name: Jam On
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.21
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD®
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7C11154F-3539-4CB5-979D-EF7913473E53}" = Prince of Persia
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B40EA8AE-322B-46DE-B422-480A40F43AEE}" = Brain Trainer
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BDA825AD-D60B-4935-9590-B0F1AC2E0D22}" = MotoGP 08
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C127414C-A625-4E0A-8AC1-F970F9E566A3}" = Adobe Elements Studio Launcher
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F20AE04A-3FDC-4A14-A90B-85DEE2812030}" = Sam & Max Season 1
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F441C985-4F07-4163-978E-BFD3B2BA20EC}" = Brain Trainer 2
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combat Wings - Battle of Britain_is1" = Combat Wings - Battle of Britain (1.0)
"Combat Wings_is1" = Combat Wings (1.0)
"Creative OEM005" = Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
"Crysis WARHEAD®" = Crysis WARHEAD®
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0044)
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HandBrake" = HandBrake 0.9.3
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nero8Lite_is1" = Nero 8 Lite 8.3.6.0
"NVIDIA Drivers" = NVIDIA Drivers
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROSetDX" = Intel® PRO Network Connections 12.1.12.4
"PunkBusterSvc" = PunkBuster Services
"Spyware Doctor" = Spyware Doctor 6.0
"WinRAR archiver" = WinRAR archiver
"World War II - Pacific Heroes_is1" = World War II - Pacific Heroes (1.0)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1762430492-3976075232-2685152399-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1762430492-3976075232-2685152399-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2009 10:33:31 PM | Computer Name = JamOn-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/13/2009 5:18:12 AM | Computer Name = JamOn-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/13/2009 1:47:10 PM | Computer Name = JamOn-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/14/2009 2:06:00 PM | Computer Name = JamOn-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 8.0.6001.18372 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 15a4 Start Time: 01c98ecc3d7b4858 Termination Time: 0

Error - 2/14/2009 5:45:19 PM | Computer Name = JamOn-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/15/2009 4:35:38 PM | Computer Name = JamOn-PC | Source = EventSystem | ID = 4622
Description =

Error - 2/17/2009 2:50:19 AM | Computer Name = JamOn-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2/18/2009 6:13:17 AM | Computer Name = JamOn-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 8.0.6001.18372 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1068 Start Time: 01c9919cfe6df1a3 Termination Time: 16

Error - 2/19/2009 3:16:27 AM | Computer Name = JamOn-PC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 8.0.6001.18372 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 7dc Start Time: 01c9925b2d9b7db0 Termination Time: 16

Error - 2/20/2009 5:29:33 AM | Computer Name = JamOn-PC | Source = EventSystem | ID = 4622
Description =

[ OSession Events ]
Error - 1/10/2009 1:29:44 PM | Computer Name = JamOn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 424
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/13/2009 3:15:40 PM | Computer Name = JamOn-PC | Source = HTTP | ID = 15016
Description =

Error - 1/14/2009 5:32:57 AM | Computer Name = JamOn-PC | Source = DCOM | ID = 10010
Description =

Error - 1/14/2009 5:59:42 AM | Computer Name = JamOn-PC | Source = HTTP | ID = 15016
Description =

Error - 1/14/2009 3:10:08 PM | Computer Name = JamOn-PC | Source = HTTP | ID = 15016
Description =

Error - 1/14/2009 3:15:35 PM | Computer Name = JamOn-PC | Source = HTTP | ID = 15016
Description =

Error - 1/15/2009 4:21:19 PM | Computer Name = JamOn-PC | Source = HTTP | ID = 15016
Description =

Error - 1/15/2009 7:01:16 PM | Computer Name = JamOn-PC | Source = HTTP | ID = 15016
Description =

Error - 1/15/2009 7:29:32 PM | Computer Name = JamOn-PC | Source = HTTP | ID = 15016
Description =

Error - 1/15/2009 7:33:52 PM | Computer Name = JamOn-PC | Source = HTTP | ID = 15016
Description =

Error - 1/15/2009 7:41:48 PM | Computer Name = JamOn-PC | Source = HTTP | ID = 15016
Description =


< End of report >



#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:38 PM

Posted 28 February 2009 - 11:53 AM

  • I see an unknown suspicious proxy setting showed up on your log. Tell me if you have set a proxy server and if you know the following proxy: 218.234.127.68
    If the answer is no, proceed with the next step. Otherwise, skip step 2.

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.234.127.68:8080

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Download both the attached files (hosts.txt and vistahostfix.bat) to your desktop.
    Right-click and rename hosts.txt to hosts (hosts without extension) and confirm renaming.
    Right-click vistahostfix.bat to run it as administrator.
    A text file opens, please post the content to your reply.

  • Delete your copy of Combofix from your desktop if you still have it and download the latest version of ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please copy and paste a fresh Hijackthis log to your reply.
Please include in your next reply:
  • Feedback on step 1.
  • The txt file of step 3.
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#12 IfIonlyknew

IfIonlyknew
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:38 PM

Posted 02 March 2009 - 02:36 PM

Regarding suspicious proxy settings, I had no idea where that came from so I used Hijackthis to get rid of it.

I followed your steps and almost everything went smoothly; the only thing was that when I ran "ComboFix" and it finished, it had disabled my internet, so I had to restart the computer.

Here are the various logs you requested:

Note: I will have to post 3 replies for the logs. When I paste the ComboFix log, it slows down my computer and almost locks up. Then I get an error message saying my post is too long.

Hosts Log:

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

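The two indicators Farbar's post walks through (the R1 ProxyServer line fixed with HijackThis, and the hosts file reset in step 3) and the hosts file posted in reply #12 can be checked mechanically. The following is an added Python example, not a tool from this thread or from BleepingComputer; the proxy address is the one quoted above, while the hostnames and the extra hosts entries are constructed.

```python
"""Audit HijackThis R/O1 lines and a Windows hosts file for the two browser
hijack indicators in this thread: an unexpected IE ProxyServer value and
hosts-file entries that block or redirect names.  All sample input is constructed."""
import ipaddress
import re
from typing import Dict, List

# R0/R1 lines look like "R1 - <registry key>,<value name> = <value>"
_R_LINE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
# O1 lines look like "O1 - Hosts: <ip> <hostname>"
_O1_LINE = re.compile(r"^O1 - Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)")

# Mappings present in a stock Vista hosts file; anything else is reported.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def classify_address(addr: str) -> str:
    """Say where an IP, IPv4 host:port or hostname points: local/private/public/hostname."""
    host = addr.rsplit(":", 1)[0] if addr.count(":") == 1 else addr  # strip a port
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback or ip.is_unspecified:
        return "local"
    return "private" if ip.is_private else "public"


def _hosts_finding(ip: str, host: str, line: str) -> Dict[str, str]:
    where = classify_address(ip)
    if where == "local":
        reason = f"{host} is blocked: it resolves to {ip}, so the site cannot load"
    else:
        reason = f"{host} is redirected to the {where} address {ip}"
    return {"kind": "hosts", "value": f"{ip} {host}", "where": where,
            "reason": reason, "line": line}


def audit_hijackthis(log_text: str) -> List[Dict[str, str]]:
    """Flag ProxyServer (R0/R1) and non-default hosts (O1) entries in a log."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _R_LINE.match(line)
        if m:
            proxy = m.group("value").strip()
            # ProxyOverride, Default_Page_URL and similar values are not a proxy.
            if m.group("name").strip() == "ProxyServer" and proxy:
                where = classify_address(proxy)
                findings.append({
                    "kind": "proxy", "value": proxy, "where": where,
                    "reason": f"IE traffic goes through a {where} proxy; "
                              "confirm the user configured it",
                    "line": line})
            continue
        m = _O1_LINE.match(line)
        if m and (m.group("ip"), m.group("host")) not in DEFAULT_HOSTS:
            findings.append(_hosts_finding(m.group("ip"), m.group("host"), line))
    return findings


def audit_hosts_file(hosts_text: str) -> List[Dict[str, str]]:
    """Flag every non-default mapping in a hosts file; comments are ignored."""
    findings: List[Dict[str, str]] = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            findings.append({"kind": "hosts", "value": line, "where": "n/a",
                             "reason": "malformed entry", "line": line})
            continue
        ip, names = parts[0], parts[1:]
        for host in names:  # one address may map several names
            if (ip, host) not in DEFAULT_HOSTS:
                findings.append(_hosts_finding(ip, host, line))
    return findings


# Constructed HijackThis excerpt: the ProxyServer line is the one quoted in
# the thread; the O1 line and its hostname are made up for the example.
SAMPLE_HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 218.234.127.68:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example-av.invalid
""".strip()

# Constructed hosts file: the stock Vista entries plus two made-up additions.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       downloads.example-av.invalid   # vendor site blocked
203.0.113.9     www.example-bank.invalid       # name redirected elsewhere
"""
```

Running `audit_hijackthis(SAMPLE_HJT_LOG)` reports the public proxy and the blocked hostname; `audit_hosts_file(SAMPLE_HOSTS)` reports only the two added lines, so a stock hosts file like the one posted above yields no findings.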
#13 IfIonlyknew

IfIonlyknew
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:01:38 PM

Posted 02 March 2009 - 02:40 PM

Farbar: I am unable to post my ComboFix log. Website says post is too large. I can't attach because I don't have enough room.

Let me know what you want to do about Combo log.


Here is the Hijack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:19 AM, on 3/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\hijackthis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Jam On\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\Jam On\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O13 - Gopher Prefix:
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8306 bytes

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:38 PM

Posted 02 March 2009 - 05:09 PM

IfIonlyknew,

Open Combofix.txt; there is a section with the heading "snapshot@" followed by a date. If that section is too large: highlight, right-click and cut that section. Paste it into Notepad and save it in case we need it. Save the shortened Combofix.txt and attach the rest of it. All other sections before and after the snapshot section are needed.

#15 IfIonlyknew

IfIonlyknew
  • Topic Starter

  • Members
  • 23 posts
  • Local time:01:38 PM

Posted 03 March 2009 - 02:52 AM

Here you go:

ComboFix 09-03-02.01 - Jam On 2009-03-02 11:08:38.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1940 [GMT -8:00]
Running from: c:\users\Jam On\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-02 to 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-02-26 21:42 . 2009-02-27 10:23 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-26 21:40 . 2009-02-26 21:40 <DIR> d-------- c:\windows\Sun
2009-02-26 18:44 . 2009-02-26 18:44 <DIR> d-------- c:\program files\CCleaner
2009-02-16 14:22 . 2009-02-16 14:23 339,111,494 --a------ c:\windows\MEMORY.DMP
2009-02-13 10:49 . 2009-03-02 11:02 <DIR> d-------- C:\hijackthis
2009-02-13 10:21 . 2009-02-13 01:24 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-02-13 01:18 . 2009-02-13 01:18 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 01:18 . 2009-02-13 01:18 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-13 00:41 . 2009-02-26 18:47 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-13 00:41 . 2009-02-26 18:47 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-13 00:41 . 2009-02-13 00:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-12 12:55 . 2009-02-12 12:55 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-02-12 12:51 . 2008-06-19 17:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-12 12:51 . 2008-06-19 17:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-12 12:51 . 2008-06-19 17:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-12 12:51 . 2008-06-19 17:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-12 12:51 . 2008-06-19 17:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-12 12:51 . 2008-06-19 17:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-12 12:51 . 2008-06-19 17:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-12 12:51 . 2008-06-19 17:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-12 12:46 . 2008-07-27 10:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-12 12:46 . 2008-07-27 10:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-12 12:46 . 2008-07-27 10:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-12 12:45 . 2008-07-27 10:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-12 12:45 . 2008-07-27 10:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-12 12:43 . 2008-12-04 20:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-12 12:43 . 2008-12-04 20:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-12 12:43 . 2008-12-04 20:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-12 12:43 . 2008-12-04 20:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-12 12:43 . 2008-12-04 20:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 10:14 . 2009-02-11 10:14 <DIR> d-------- c:\users\All Users\WindowsSearch
2009-02-11 10:14 . 2009-02-11 10:14 <DIR> d-------- c:\programdata\WindowsSearch
2009-02-10 11:08 . 2009-02-10 11:08 <DIR> d-------- c:\program files\LucasArts
2009-02-05 12:35 . 2009-02-05 12:36 <DIR> d-------- C:\Force RS
2009-02-05 12:35 . 2007-05-01 16:06 126,976 --a------ c:\windows\System32\SaiQFF04.Dll
2009-02-05 12:35 . 2007-05-01 16:06 16,256 --a------ c:\windows\System32\drivers\SaiIFF04.sys
2009-02-05 10:32 . 2009-02-05 10:32 40,896 --a------ c:\windows\System32\drivers\usbsnoop.sys
2009-02-04 01:16 . 2008-04-28 15:53 805,400 -ra------ c:\windows\System32\tmp276F.tmp
2009-02-04 01:14 . 2008-04-28 15:53 805,400 -ra------ c:\windows\System32\tmp274F.tmp
2009-02-03 16:02 . 2009-02-03 16:02 <DIR> d-------- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 20:15 --------- d-----w c:\programdata\Google Updater
2009-02-27 18:23 --------- d-----w c:\program files\Java
2009-02-27 06:47 --------- d-----w c:\users\Jam On\AppData\Roaming\uTorrent
2009-02-27 02:49 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-27 02:43 --------- d-----w c:\program files\Dell
2009-02-26 17:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 09:17 --------- d-----w c:\programdata\Lavasoft
2009-02-13 09:17 --------- d-----w c:\program files\Lavasoft
2009-02-12 21:16 --------- d-----w c:\program files\Windows Mail
2009-02-12 19:37 --------- d--h--w c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2009-02-12 19:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-12 19:37 --------- d-----w c:\program files\Spyware Doctor
2009-02-12 19:37 --------- d-----w c:\program files\Microsoft Works
2009-02-12 19:37 --------- d-----w c:\program files\MagicISO
2009-02-12 18:31 --------- d-----w c:\programdata\avg8
2009-02-12 10:11 --------- d-----w c:\programdata\Ubisoft
2009-02-12 09:49 --------- d-----w c:\program files\Ubisoft
2009-02-12 08:57 --------- d-----w c:\program files\Codemasters
2009-02-12 08:55 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-12 08:07 --------- d---a-w c:\programdata\TEMP
2009-02-12 07:59 --------- d-----w c:\programdata\NVIDIA
2009-02-11 18:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 18:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-11 09:30 --------- d-----w c:\program files\Electronic Arts
2009-02-10 10:21 --------- d-----w c:\users\Jam On\AppData\Roaming\InstallShield
2009-02-04 09:24 --------- d-----w c:\programdata\Codemasters
2009-02-02 20:32 --------- d-----w c:\programdata\Roxio
2009-01-28 09:17 --------- d-----w c:\program files\EA Games
2009-01-28 09:15 --------- d-----w c:\program files\AGEIA Technologies
2009-01-27 22:41 --------- d-----w c:\program files\Trend Micro
2009-01-27 19:31 --------- d-----w c:\users\Jam On\AppData\Roaming\Disney Interactive Studios
2009-01-27 18:49 --------- d-----w c:\users\Jam On\AppData\Roaming\Leadertech
2009-01-27 18:34 --------- d-----w c:\program files\Disney Interactive Studios
2009-01-26 10:43 --------- d-----w c:\program files\OpenAL
2009-01-26 09:44 --------- d-----w c:\users\Jam On\AppData\Roaming\Nero
2009-01-26 09:44 --------- d-----w c:\program files\Nero
2009-01-26 09:43 --------- d-----w c:\programdata\Nero
2009-01-26 09:43 --------- d-----w c:\program files\Common Files\Nero
2009-01-26 07:48 --------- d-----w c:\program files\DAEMON Tools Lite
2009-01-26 06:49 --------- d-----w c:\program files\Common Files\Adobe
2009-01-26 06:33 --------- d-----w c:\program files\City Interactive
2009-01-26 05:08 --------- d-----w c:\program files\Capcom
2009-01-25 19:58 --------- d-----w c:\program files\PokerTracker 3
2009-01-24 19:30 --------- d-----w c:\program files\PostgreSQL
2009-01-24 19:15 --------- d-----w c:\program files\Bonjour
2009-01-24 10:29 --------- d-----w c:\program files\Atari
2009-01-22 08:56 --------- d-----w c:\program files\Bethesda Softworks
2009-01-21 18:54 --------- d-----w c:\program files\Roxio
2009-01-21 03:11 --------- d-----w c:\program files\Yahoo!
2009-01-20 22:13 --------- d-----w c:\users\Jam On\AppData\Roaming\PC Tools
2009-01-20 22:13 --------- d-----w c:\program files\Google
2009-01-18 21:30 64,160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-01-17 18:24 --------- d-----w c:\users\Tilly\AppData\Roaming\Yahoo!
2009-01-17 04:28 --------- d-----w c:\program files\Microsoft Xbox 360 Accessories
2009-01-17 04:11 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-01-16 22:04 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-16 22:04 --------- d-----w c:\program files\iTunes
2009-01-16 22:04 --------- d-----w c:\program files\iPod
2009-01-16 22:04 --------- d-----w c:\program files\Common Files\Apple
2009-01-16 22:03 --------- d-----w c:\program files\QuickTime
2009-01-16 01:43 1,516,032 --sha-r c:\windows\wintask.exe
2009-01-15 21:50 --------- d-----w c:\programdata\Yahoo!
2009-01-15 10:10 --------- d-----w c:\users\Jam On\AppData\Roaming\Ubisoft
2009-01-15 10:05 911,872 ----a-w c:\windows\System32\wininet.dll
2009-01-15 10:05 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-01-15 10:04 18,944 ----a-w c:\windows\System32\corpol.dll
2009-01-15 10:04 132,096 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-15 10:04 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-01-15 10:04 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-01-15 10:04 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-01-15 10:04 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-01-15 10:04 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-01-15 10:03 72,704 ----a-w c:\windows\System32\admparse.dll
2009-01-15 10:03 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 10:03 66,560 ----a-w c:\windows\System32\wextract.exe
2009-01-15 10:03 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-01-15 10:02 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-01-15 10:01 34,304 ----a-w c:\windows\System32\imgutil.dll
2009-01-15 10:00 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-01-15 10:00 45,568 ----a-w c:\windows\System32\mshta.exe
2009-01-15 09:50 156,160 ----a-w c:\windows\System32\msls31.dll
2009-01-14 09:32 --------- d-----w c:\program files\EA Sports
2009-01-11 01:59 --------- d-----w c:\users\Jam On\AppData\Roaming\Capcom
2009-01-09 01:57 --------- d-----w c:\program files\Mindscape
2009-01-08 03:03 --------- d-----w c:\programdata\FLEXnet
2009-01-06 03:09 --------- d-----w c:\program files\Adobe Media Player
2009-01-05 21:32 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-01-05 20:31 --------- d-----w c:\programdata\Autodesk
2009-01-05 10:08 --------- d-----w c:\program files\Autodesk
2008-12-21 05:21 22,328 ----a-w c:\users\Jam On\AppData\Roaming\PnkBstrK.sys
2008-12-21 05:21 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-12-19 02:01 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-09-27 18:28 174 --sha-w c:\program files\desktop.ini
2008-04-02 15:27 76 --sha-r c:\windows\CT4CET.bin
.


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-20 30192]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-13 509784]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 148888]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 c:\windows\System32\HCIMNTR.DLL]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 715568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jam On^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Pure Registration.lnk]
path=c:\users\Jam On\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pure Registration.lnk
backup=c:\windows\pss\Pure Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-02-13 01:24 509784 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2008-11-20 10:06 178688 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 02:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
--a------ 2007-07-27 12:43 118784 c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 23:04 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2008-02-13 15:21 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2008-01-18 03:40 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 20:52 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2007-08-30 10:50 205480 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
--a------ 2007-08-21 21:39 36864 c:\windows\OEM05Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wintask]
-rahs---- 2009-01-15 17:43 1516032 c:\windows\wintask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E0130A23-8425-4D24-8D06-DDF86EE6E0DF}"= Disabled:UDP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{878E3448-1256-418D-94BA-B21C86A04842}"= Disabled:TCP:c:\program files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{B74C9EB7-BEB5-4310-BBFD-913BBB35ACE5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DF1296FD-F3AD-40F9-80C4-D48E7A6C536F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{455AA0D2-C7EB-4A30-ADBF-A6F03E0190F6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{25511AFD-FD47-4352-80A1-26F7CDA8AEBC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A23908EA-2DF9-4757-B45E-2FDBDFCD7114}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{CA28E897-8BA6-4564-97F3-143D0E4628E0}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{5132C1EC-ADCE-49F8-94E9-F20BCBE73C73}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D6EA6609-F086-4F15-A4BF-37935141F8FC}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C9BCE54C-BE76-456C-B65B-E58CABB8D35D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D5E0BC5C-16B6-4AC7-8939-EF9EF0923817}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4A15F9FC-8D87-4469-BD2E-9E829B57EDD1}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{64B2CE1E-5109-4062-A757-A1BC083A38BB}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{25C2C39D-E992-4A58-8A40-BB14E1886C73}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{652785E6-73FA-4D62-8B03-EF7026552815}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{68E6757C-080D-4ECB-8E25-E1282006876E}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A87604A9-35B0-4DAF-A28B-68D5549A9B48}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2D0290A7-77DE-4CF3-AEC2-78237039E892}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{AFB74A05-DA3B-48B7-97D2-CA37587B3F89}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F46871DA-1508-435C-9E33-C368BCC9D7B6}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{3BB69371-67CB-4DCA-A1FA-39572639B39D}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{775771FA-AF60-4A15-A3DF-06943E50B63F}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{EFC6E9E4-5F1A-4E98-874C-71574ED20B38}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{7BDAA3B1-4F6A-457D-9767-5D953446D6EC}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{1332A507-683A-40CC-9EE5-A84FBABF7472}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{1C368D8F-F768-478E-A949-469CD9F30584}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{B76E7E2C-74C8-4EE7-B52C-12B2D710167A}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{24FB2849-B10E-4D49-83B2-78A886B80643}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{D875D094-0787-4F92-A3EF-AEA48E194EE8}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{DB1F9A53-4DE2-4EBE-83A2-34DFEF1DE50A}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{0A692E49-A389-4055-AF26-306DE0B4B614}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{18AFBFC9-E7A0-4C85-8AAB-EE093AB80F86}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{1F8C5077-250D-4A85-ABEA-F2BB0DD9AC18}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{5DC54F14-A22E-4FA7-B7F9-4E7F0D0E1280}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{4C81A593-386D-42ED-AE02-46B088BED0E1}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{41D78E39-862F-456B-9E67-F76479CFA1DB}"= UDP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{11E4A31D-A0DC-41A6-9502-47A4272352DC}"= TCP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{EDD4D3E2-4935-40F3-A3EC-96D6A3C5FE0A}"= UDP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{BC20D96C-1634-4A4E-AC90-3180BE081482}"= TCP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{C0074B72-DCB7-4B02-863A-353EECCBB18E}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C937013A-8034-45AC-B775-C5F1C01D8764}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{56855343-8B64-4A2E-B5C3-51861579C9A6}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{776F0697-6D8C-4ABA-A322-79CED93C782C}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{DBB8DF99-E6A1-4B04-9513-91215A84728A}"= UDP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A7BBA34A-D1D6-48B0-80F6-4FC4ACC13288}"= TCP:c:\program files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{A3F65F09-30F6-4D83-9752-DC3470E963DD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CC5D4F51-CA25-4DDF-BE11-62E2B7CD8E3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{72A1D3C9-011F-47AD-A5E7-8B118B129071}"= UDP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
"{E1A408D6-1D6F-4F63-8866-4E49ABC41740}"= TCP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
"{283187B6-4300-42B3-9B80-7DA309E6F002}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{D943B816-4923-4B85-A162-49584CE1CA2C}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{91F7A00A-55E3-4E9F-A497-E9C7DDC8B6D4}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{FF8F6646-12C3-414B-8973-4C496BEC84D9}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{CA1CD8CD-665E-48BC-B0C0-55E849F9FB63}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{486771B5-C38F-4CC7-9BE8-C2D502D089D0}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{AA848B24-C190-4950-9CA9-2678874F5DD7}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{CE638D9B-043A-448C-9F4D-0A14FB3BB876}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{16E8975A-BB0A-42B4-BFA2-81376F213E29}"= UDP:c:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{851BEA9E-A920-49EB-9978-4C6BE9F75AE9}"= TCP:c:\program files\Capcom\MotoGP 08\Launcher.exe:MotoGP 08
"{2C48C9A8-7614-41B9-89FC-4F603D731186}"= UDP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{1172B96B-72CC-4DAD-86D6-BAB11581DE20}"= TCP:c:\program files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{2FC18862-7FA5-41BD-AD92-D03D322DED9C}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"{D6948985-CDC1-4464-8EA7-123AE084EF9B}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-02-01 64160]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-13 1153368]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\System32\drivers\OEM05Vfx.sys [2008-04-02 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\System32\drivers\OEM05Vid.sys [2008-04-02 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\System32\drivers\livecamv.sys [2008-04-02 31616]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-02 30192]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\System32\drivers\OEM05Afx.sys [2008-04-02 141376]
S3 SaiIFF04;Immersion's HID USB Driver (FF04);c:\windows\System32\drivers\SaiIFF04.sys [2009-02-05 16256]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-20 356920]
S3 usbsnoop;usbsnoop (display);c:\windows\System32\drivers\usbsnoop.sys [2009-02-05 40896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-13 01:24]

2009-02-12 c:\windows\Tasks\EasyShare Registration Task.job
- c:\progra~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.30.1.sxt _RegistrationOffer@16 []

2008-12-21 c:\windows\Tasks\iavyczke.job
- c:\users\JAMON~1\AppData\Local\Temp\vtUnolKa.dll []

2008-12-22 c:\windows\Tasks\lwonwiku.job
- c:\users\Tilly\AppData\Local\Temp\pmnkHATj.dll []

2009-03-01 c:\windows\Tasks\User_Feed_Synchronization-{3ED7601D-0E12-4A79-ABAB-CE0C4784156C}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080402
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080402
uInternet Settings,ProxyOverride = *.local;<local>
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 11:13:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-02 11:15:06
ComboFix-quarantined-files.txt 2009-03-02 19:15:04
ComboFix2.txt 2009-02-12 19:10:42
ComboFix3.txt 2009-01-25 21:24:46
ComboFix4.txt 2009-01-21 02:24:27

Pre-Run: 90,175,549,440 bytes free
Post-Run: 90,208,743,424 bytes free

2485 --- E O F --- 2009-03-02 17:04:32