Unable to update


This topic is locked
57 replies to this topic

#1 Seigetsu


Posted 30 June 2009 - 04:10 PM

Good day. It seems I got something on my laptop and I'm not able to update from Windows or get anything from Windows (it redirects to Google). I can't update other antispyware tools either; the connection always fails.
I couldn't do the DDS report; it shows the following error: "FINDSTR.exe is not recognized as an internal or external command, operable program or batch file."
I tried disconnecting from the internet and disabling the antivirus, but it didn't work, and in safe mode it didn't either.
The operating system is Windows Vista. I ran different antispyware tools like Spybot Search & Destroy and Malwarebytes, and if they found something they killed it, but it's still the same.
I'm uploading the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:18, on 30/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\B2BPOKER\GoPlay\Client.exe
C:\Program Files\B2BPOKER\GoPlay\jre\bin\javaw.exe
C:\Program Files\CyberLink\Power2Go\Power2Go.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Users\Condom song\Downloads\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=en-gb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=en-GB
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUpldes-es.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe

--
End of file - 8057 bytes


Thank you for your time
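A mechanical first pass over a HijackThis log like the one above, as an added example that is not part of the original thread: it flags non-default O1 hosts entries (the kind of thing that redirects update and AV domains), O4 autoruns whose file lives in a user-writable folder or borrows a system binary's name, O23 services with an unknown owner (marked for verification, since the XAMPP and MySQL services here are user-installed), and orphaned "(no file)" entries. SAMPLE_LOG mixes lines from the log above with constructed suspicious lines so that every rule fires; the rule thresholds and names are my own.

```python
"""Mechanical first pass over a HijackThis 2.0.2 log.

Added example, not from the thread. SAMPLE_LOG mixes real lines from the
log above with constructed suspicious ones (the second O1 line, the
"(no file)" BHO and the svchost Run entry) so every rule below fires.
"""
import re

# Hosts lines HijackThis reports on a clean Vista system.
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}
# Names malware commonly borrows; the legitimate copies live in System32.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe", "lsass.exe", "csrss.exe"}
# Folders any user process can write to, so an autorun there deserves a look.
USER_WRITABLE = re.compile(r"\\(Users|Documents and Settings|AppData|Temp)\\", re.I)

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[[^\]]*\] (?P<cmd>.*)$")
# HJT separates name, owner and path with " - "; a display name containing
# " - " would confuse this split, so the lazy groups take the first two.
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed sample: real lines from the thread plus constructed suspicious ones.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 update.microsoft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O4 - HKCU\\..\\Run: [SpybotSD TeaTimer] C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
O4 - HKCU\\..\\Run: [svchost] C:\\Users\\user\\AppData\\Local\\Temp\\svchost.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: mysql - Unknown owner - c:\\xampp\\mysql\\bin\\mysqld.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\\xampp\\service.exe
"""


def _exe_from(cmd):
    """Executable path from a Run value: the quoted path, else up to the first .exe/.dll."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.(?:exe|dll|scr|bat|cmd))", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text):
    """Return findings as dicts with severity, section, reason and the raw line.

    The whole log can be fed in; lines without HJT's " - " separator are skipped.
    """
    findings = []

    def add(sev, section, reason, line):
        findings.append({"severity": sev, "section": section, "reason": reason, "line": line})

    for line in log_text.splitlines():
        line = line.strip()
        if not line or " - " not in line:
            continue
        section = line.split(" ", 1)[0]
        if section == "O1":
            entry = line.split("Hosts: ", 1)[-1]
            if entry not in DEFAULT_HOSTS:
                add("HIGH", section, "non-default hosts entry; can redirect update/AV domains", line)
        elif section == "O4":
            m = O4_RE.match(line)
            if m:
                exe = _exe_from(m.group("cmd"))
                base = exe.rsplit("\\", 1)[-1].lower()
                if base in SYSTEM_NAMES and "\\windows\\system32\\" not in exe.lower():
                    add("HIGH", section, f"{base} started from outside System32", line)
                elif USER_WRITABLE.search(exe):
                    add("MEDIUM", section, "autorun from a user-writable folder", line)
        elif section == "O23":
            m = O23_RE.match(line)
            if m and m.group("owner") == "Unknown owner":
                add("VERIFY", section, "service without a known owner; confirm it was installed on purpose", line)
        if line.endswith("(no file)"):
            add("LOW", section, "orphaned entry, file missing; cleanup only", line)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['section']}: {f['reason']}\n    {f['line']}")
```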


#2 Farbar


Posted 01 July 2009 - 06:36 AM

Hi Seigetsu,

Welcome to the BC HijackThis forum. I am Farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (installing applications, removing files, etc.) from now on, as it might prolong handling your log and make the job more difficult for both of us.
  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

      Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

      Note 2: The tool takes no more than one minute to scan the system.
  • Please run Notepad (Start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @echo off
    REM Write everything inside the parentheses into Log1.txt in the root of the current drive
    cd\
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    ping -n 2 google.com
    route print
    )
    REM Open the log in Notepad, then delete this batch file
    start Log1.txt
    Del %0
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select save in: desktop
    • Fill in File name: test.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate and double-click test.bat on the desktop.
    • A Notepad window opens; copy and paste its contents (log.txt) into your reply.
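The batch file above collects ipconfig /all, nslookup, ping and route print so that the DNS server's answer for google.com can be compared with what the host itself resolves (ping goes through the hosts file, the DNS client cache and any LSP; nslookup asks the server directly). The Python below is an added example, not Farbar's script or the poster's output: it parses such a Log1.txt and applies that comparison plus a DNS-server sanity check. SAMPLE_LOG1, parse_log1 and check are my own constructions; every address is from a documentation range or 192.168.0.0/16.

```python
"""Cross-check the Log1.txt that test.bat writes (ipconfig /all, nslookup, ping).

Added example, not Farbar's script or the poster's output. SAMPLE_LOG1 is a
constructed Log1.txt in the Windows Vista output format; the addresses are
RFC 5737 documentation ranges or 192.168.0.0/16, none is a real server.
"""
import ipaddress
import re

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE_LOG1 = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : LAPTOP
   Node Type . . . . . . . . . . . . : Hybrid

Wireless LAN adapter Wireless Network Connection:

   Description . . . . . . . . . . . : Wireless adapter (constructed)
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54

Server:  UnKnown
Address:  203.0.113.53

Non-authoritative answer:
Name:    google.com
Addresses:  198.51.100.10
          198.51.100.11


Pinging google.com [192.0.2.99] with 32 bytes of data:
Reply from 192.0.2.99: bytes=32 time=31ms TTL=52
"""


def is_rfc1918(ip):
    # ipaddress.is_private also counts the documentation ranges, so test RFC 1918 explicitly.
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_log1(text):
    """Pull out the fields the checks need. IPv4 only; Vista's IPv6 lines are skipped."""
    info = {"dhcp_enabled": False, "dhcp_server": None, "gateway": None,
            "dns_servers": [], "resolver": None, "answers": [], "ping_ip": None}
    simple = {"dhcp_server": r"\s+DHCP Server[ .]*: " + IP,
              "gateway": r"\s+Default Gateway[ .]*: " + IP}
    collecting = None      # list that indented continuation lines belong to
    seen_name = False      # nslookup prints "Name:" before the answer addresses
    for line in text.splitlines():
        cont = re.match(r"\s+" + IP + r"\s*$", line)
        if cont and collecting:
            info[collecting].append(cont.group(1))
            continue
        collecting = None
        m = re.match(r"\s+DNS Servers[ .]*: " + IP, line)
        if m:
            info["dns_servers"].append(m.group(1))
            collecting = "dns_servers"
            continue
        for key, pat in simple.items():
            m = re.match(pat, line)
            if m:
                info[key] = m.group(1)
        if re.match(r"\s+DHCP Enabled[ .]*: Yes", line):
            info["dhcp_enabled"] = True
        elif line.startswith("Name:"):
            seen_name = True
        m = re.match(r"Address(?:es)?:\s+" + IP, line)   # nslookup lines start in column 0
        if m:
            if seen_name:
                info["answers"].append(m.group(1))
                collecting = "answers"
            else:
                info["resolver"] = m.group(1)
        m = re.match(r"Pinging \S+ \[" + IP + r"\]", line)
        if m:
            info["ping_ip"] = m.group(1)
    return info


def check(info):
    """Return (kind, explanation) pairs. Each is a lead to verify, not proof."""
    findings = []
    lan = {x for x in (info["dhcp_server"], info["gateway"]) if x}
    # A home router normally hands out itself (or the ISP resolvers it received) as DNS.
    # Resolvers that are neither the router nor RFC 1918 are worth comparing with the
    # router's own settings; ISP resolvers passed through DHCP are a legitimate cause.
    odd = [d for d in info["dns_servers"] if d not in lan and not is_rfc1918(d)]
    if info["dhcp_enabled"] and odd:
        findings.append(("dns-servers", "DNS servers outside the LAN on a DHCP adapter: " + ", ".join(odd)))
    if info["resolver"] and info["resolver"] not in info["dns_servers"]:
        findings.append(("resolver", f"nslookup was answered by {info['resolver']}, not a configured server"))
    # Disagreement between ping and nslookup points at the host (hosts file, DNS client
    # cache, LSP). Round-robin DNS can also cause it, hence the comparison against every
    # address nslookup returned rather than just the first.
    if info["ping_ip"] and info["answers"] and info["ping_ip"] not in info["answers"]:
        findings.append(("hosts", f"ping resolved to {info['ping_ip']} but DNS answered {', '.join(info['answers'])}"))
    return findings


if __name__ == "__main__":
    for kind, why in check(parse_log1(SAMPLE_LOG1)):
        print(f"{kind}: {why}")
```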


#3 Seigetsu


Posted 01 July 2009 - 01:04 PM

Here are the RSIT files. I tried to do the other one, but it always gives me an empty txt file.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Serj at 2009-07-01 19:55:41
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 8 GB (3%) free of 230 GB
Total RAM: 3070 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:55, on 01/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Condom song\Desktop\RSIT.exe
C:\Users\Condom song\Downloads\Programs\Serj.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=en-gb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=en-GB
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUpldes-es.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\xampp\service.exe

--
End of file - 7958 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-02 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-10-24 1451264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=00000000
"NoDriveTypeAutoRun"=149
"NoDriveAutoRun"=67108803

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2009-07-01 19:55:41 ----D---- C:\rsit
2009-06-29 23:24:12 ----D---- C:\Users\Condom song\AppData\Roaming\Mra
2009-06-29 20:41:19 ----A---- C:\Windows\system32\GEARAspi.dll
2009-06-29 20:40:57 ----D---- C:\Program Files\iPod
2009-06-29 20:40:56 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-29 20:40:56 ----D---- C:\Program Files\iTunes
2009-06-29 20:38:32 ----D---- C:\Program Files\QuickTime
2009-06-29 19:40:19 ----D---- C:\Program Files\a-squared Free
2009-06-29 19:10:56 ----D---- C:\Windows\temp
2009-06-29 19:09:46 ----SHD---- C:\$RECYCLE.BIN
2009-06-29 18:52:58 ----D---- C:\Windows\ERDNT
2009-06-28 21:23:54 ----A---- C:\Windows\system32\mshtmler.dll
2009-06-28 21:23:54 ----A---- C:\Windows\system32\mshtmled.dll
2009-06-28 21:23:54 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-28 21:23:54 ----A---- C:\Windows\system32\ieui.dll
2009-06-28 21:23:54 ----A---- C:\Windows\system32\icardie.dll
2009-06-28 21:23:54 ----A---- C:\Windows\system32\admparse.dll
2009-06-28 21:23:49 ----A---- C:\Windows\system32\msls31.dll
2009-06-28 21:23:49 ----A---- C:\Windows\system32\imgutil.dll
2009-06-28 21:23:49 ----A---- C:\Windows\system32\iernonce.dll
2009-06-28 21:23:49 ----A---- C:\Windows\system32\ieakeng.dll
2009-06-28 21:23:49 ----A---- C:\Windows\system32\dxtmsft.dll
2009-06-28 21:23:49 ----A---- C:\Windows\system32\corpol.dll
2009-06-28 21:23:48 ----A---- C:\Windows\system32\occache.dll
2009-06-28 21:23:48 ----A---- C:\Windows\system32\msrating.dll
2009-06-28 21:23:48 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-06-28 21:23:48 ----A---- C:\Windows\system32\licmgr10.dll
2009-06-28 21:23:48 ----A---- C:\Windows\system32\inseng.dll
2009-06-28 21:23:48 ----A---- C:\Windows\system32\iepeers.dll
2009-06-28 21:23:48 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-28 21:23:48 ----A---- C:\Windows\system32\dxtrans.dll
2009-06-28 21:23:47 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-06-28 21:23:47 ----A---- C:\Windows\system32\wextract.exe
2009-06-28 21:23:47 ----A---- C:\Windows\system32\webcheck.dll
2009-06-28 21:23:47 ----A---- C:\Windows\system32\pngfilt.dll
2009-06-28 21:23:47 ----A---- C:\Windows\system32\mstime.dll
2009-06-28 21:23:47 ----A---- C:\Windows\system32\msfeedssync.exe
2009-06-28 21:23:47 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-28 21:23:47 ----A---- C:\Windows\system32\iesetup.dll
2009-06-28 21:23:47 ----A---- C:\Windows\system32\ieakui.dll
2009-06-28 21:23:47 ----A---- C:\Windows\system32\advpack.dll
2009-06-28 21:23:46 ----A---- C:\Windows\system32\vbscript.dll
2009-06-28 21:23:46 ----A---- C:\Windows\system32\url.dll
2009-06-28 21:23:46 ----A---- C:\Windows\system32\jscript.dll
2009-06-28 21:23:46 ----A---- C:\Windows\system32\ieapfltr.dll
2009-06-28 21:23:45 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-28 21:23:44 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-06-28 21:23:44 ----A---- C:\Windows\system32\SetDepNx.exe
2009-06-28 21:23:44 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-06-28 21:23:44 ----A---- C:\Windows\system32\PDMSetup.exe
2009-06-28 21:23:44 ----A---- C:\Windows\system32\mshta.exe
2009-06-28 21:23:44 ----A---- C:\Windows\system32\iexpress.exe
2009-06-28 21:23:44 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-28 21:23:44 ----A---- C:\Windows\system32\iesysprep.dll
2009-06-28 21:23:43 ----A---- C:\Windows\system32\wininet.dll
2009-06-28 21:23:43 ----A---- C:\Windows\system32\urlmon.dll
2009-06-28 21:23:43 ----A---- C:\Windows\system32\iertutil.dll
2009-06-28 21:23:43 ----A---- C:\Windows\system32\ie4uinit.exe
2009-06-28 21:23:41 ----A---- C:\Windows\system32\mshtml.dll
2009-06-28 21:23:41 ----A---- C:\Windows\system32\ieframe.dll
2009-06-28 21:23:03 ----HD---- C:\Windows\msdownld.tmp
2009-06-28 17:11:19 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-28 17:11:19 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-28 17:01:54 ----D---- C:\Program Files\SpywareBlaster
2009-06-27 03:38:27 ----D---- C:\Program Files\ICQ6.5
2009-06-16 23:37:57 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-06-16 23:37:57 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-06-16 23:37:56 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-06-16 23:37:56 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-06-16 23:37:56 ----A---- C:\Windows\system32\x3daudio1_2.dll
2009-06-16 23:37:55 ----A---- C:\Windows\system32\xinput1_3.dll
2009-06-16 23:37:55 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-06-15 20:15:55 ----N---- C:\Windows\Setup1.exe
2009-06-15 20:15:54 ----A---- C:\Windows\ST6UNST.EXE
2009-06-15 20:15:53 ----A---- C:\Windows\system32\VB6STKIT.DLL
2009-06-12 17:30:34 ----A---- C:\Windows\mafosav.INI
2009-06-02 22:50:06 ----D---- C:\[Programming]
2009-06-02 22:35:43 ----A---- C:\Windows\FlashDecompiler.INI
2009-06-02 22:33:41 ----D---- C:\Program Files\Flash Decompiler Trillix
2009-06-02 22:27:55 ----D---- C:\Users\Condom song\AppData\Roaming\KillProcess
2009-06-02 22:25:33 ----D---- C:\Program Files\Sun
2009-06-02 22:25:15 ----A---- C:\Windows\system32\javaws.exe
2009-06-02 22:25:15 ----A---- C:\Windows\system32\javaw.exe
2009-06-02 22:25:15 ----A---- C:\Windows\system32\java.exe
2009-05-28 00:53:08 ----D---- C:\Users\Condom song\AppData\Roaming\Logitech
2009-05-28 00:51:51 ----D---- C:\ProgramData\LogiShrd
2009-05-28 00:50:16 ----A---- C:\Windows\system32\BtCoreIf.dll
2009-05-28 00:50:06 ----A---- C:\Windows\system32\KemXML.dll
2009-05-28 00:50:06 ----A---- C:\Windows\system32\KemWnd.dll
2009-05-28 00:50:06 ----A---- C:\Windows\system32\KemUtil.dll
2009-05-28 00:50:06 ----A---- C:\Windows\system32\kemutb.dll
2009-05-28 00:49:13 ----D---- C:\ProgramData\Logitech
2009-05-28 00:48:41 ----D---- C:\Program Files\Common Files\Logishrd
2009-05-28 00:48:16 ----D---- C:\Program Files\Logitech
2009-05-27 12:48:27 ----A---- C:\Windows\LiveBilliards.INI
2009-05-26 19:42:51 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-05-26 19:42:51 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-05-26 19:42:47 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-05-26 19:42:47 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-05-26 19:42:47 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-05-26 19:42:45 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-05-26 19:42:45 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-05-26 19:42:45 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-05-26 19:42:45 ----A---- C:\Windows\system32\d3dx10.dll
2009-05-26 19:42:45 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-05-26 19:42:44 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-05-26 19:42:44 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-05-24 17:15:42 ----D---- C:\Program Files\VideoLAN
2009-05-10 00:08:06 ----D---- C:\Program Files\Mail.Ru
2009-05-09 19:28:53 ----D---- C:\Program Files\Safari
2009-05-09 19:13:14 ----D---- C:\Program Files\WMR11
2009-05-09 19:03:24 ----D---- C:\Users\Condom song\AppData\Roaming\Orbit
2009-04-26 17:41:36 ----AD---- C:\ProgramData\TEMP
2009-04-24 19:05:38 ----D---- C:\Users\Condom song\AppData\Roaming\com.adobe.ExMan
2009-04-23 09:12:38 ----D---- C:\Dev-Cpp
2009-04-23 09:05:09 ----D---- C:\Users\Condom song\AppData\Roaming\Dev-Cpp
2009-04-20 03:00:49 ----D---- C:\Users\Condom song\AppData\Roaming\VistaStumbler
2009-04-19 22:04:47 ----D---- C:\Program Files\B2BPOKER
2009-04-17 21:18:58 ----D---- C:\Users\Condom song\AppData\Roaming\Opera
2009-04-17 21:18:46 ----D---- C:\Program Files\Opera

======List of files/folders modified in the last 3 months======

2009-07-01 19:55:55 ----D---- C:\Windows\Prefetch
2009-07-01 19:55:28 ----D---- C:\Users\Condom song\AppData\Roaming\uTorrent
2009-07-01 01:37:15 ----SHD---- C:\System Volume Information
2009-06-30 23:13:01 ----D---- C:\Windows
2009-06-30 22:56:24 ----D---- C:\Program Files\Mozilla Firefox
2009-06-30 21:49:25 ----D---- C:\Users\Condom song\AppData\Roaming\Skype
2009-06-30 21:44:59 ----D---- C:\Users\Condom song\AppData\Roaming\skypePM
2009-06-30 10:43:41 ----RD---- C:\Program Files
2009-06-30 10:35:30 ----SHD---- C:\Windows\Installer
2009-06-30 10:35:30 ----SHD---- C:\Config.Msi
2009-06-30 10:35:02 ----D---- C:\Windows\Tasks
2009-06-30 10:35:02 ----D---- C:\Windows\System32
2009-06-30 10:20:18 ----D---- C:\Windows\system32\Tasks
2009-06-30 01:19:42 ----D---- C:\Windows\inf
2009-06-30 01:19:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-29 23:23:37 ----D---- C:\Windows\system32\catroot2
2009-06-29 20:41:20 ----D---- C:\Windows\system32\catroot
2009-06-29 20:41:19 ----DC---- C:\Windows\system32\DRVSTORE
2009-06-29 20:41:19 ----D---- C:\Windows\system32\drivers
2009-06-29 20:40:57 ----D---- C:\Program Files\Common Files\Apple
2009-06-29 20:40:56 ----HD---- C:\ProgramData
2009-06-29 19:38:34 ----D---- C:\Windows\system32\en-US
2009-06-29 19:09:06 ----A---- C:\Windows\system.ini
2009-06-29 19:08:01 ----D---- C:\Windows\AppPatch
2009-06-29 19:08:00 ----D---- C:\Program Files\Common Files
2009-06-29 18:29:20 ----D---- C:\Windows\winsxs
2009-06-29 18:16:52 ----SHD---- C:\boot
2009-06-29 18:16:52 ----D---- C:\Windows\system32\config
2009-06-29 18:01:48 ----D---- C:\Windows\system32\LogFiles
2009-06-28 21:57:22 ----D---- C:\Windows\rescache
2009-06-28 21:39:40 ----D---- C:\Program Files\Internet Explorer
2009-06-28 21:39:39 ----D---- C:\Windows\system32\migration
2009-06-28 21:39:39 ----D---- C:\Windows\PolicyDefinitions
2009-06-25 19:26:36 ----D---- C:\Users\Condom song\AppData\Roaming\Adobe
2009-06-25 16:54:48 ----D---- C:\Program Files\foobar2000
2009-06-18 13:51:19 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-17 14:11:24 ----RSD---- C:\Windows\assembly
2009-06-17 14:11:24 ----D---- C:\Program Files\Common Files\microsoft shared
2009-06-16 22:05:08 ----D---- C:\Program Files\ICQ6
2009-06-03 16:49:07 ----D---- C:\Program Files\Notepad++Portable
2009-06-03 15:04:08 ----RD---- C:\Users
2009-06-02 22:24:49 ----A---- C:\Windows\system32\deploytk.dll
2009-06-02 22:21:55 ----D---- C:\Program Files\Java
2009-05-27 12:37:30 ----D---- C:\Windows\system
2009-05-27 00:41:03 ----D---- C:\ProgramData\NVIDIA
2009-05-26 19:51:14 ----D---- C:\ProgramData\FLEXnet
2009-05-26 19:42:30 ----D---- C:\Windows\Logs
2009-05-26 19:31:54 ----A---- C:\Windows\win.ini
2009-05-21 17:45:08 ----SD---- C:\Users\Condom song\AppData\Roaming\Microsoft
2009-05-16 11:35:00 ----D---- C:\ProgramData\Microsoft Help
2009-05-09 19:29:51 ----D---- C:\Users\Condom song\AppData\Roaming\Apple Computer
2009-04-25 09:21:25 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys [2008-10-24 54280]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\QuickPlay\000.fcl [2007-09-30 39408]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2008-10-24 73224]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-07 19456]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-07 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 80424]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 80936]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2008-10-24 31240]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-12 1747936]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-12-18 28816]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-10-07 220160]
S3 catchme;catchme; \??\C:\Users\CONDOM~1\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-05-10 717320]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-10-24 468224]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-02 135168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\Windows\system32\regedt32.exe [2006-11-02 9216]
S3 Apache2.2;Apache2.2; c:\xampp\apache\bin\apache.exe [2008-12-10 24636]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-07 655624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
S3 mysql;mysql; c:\xampp\mysql\bin\mysqld.exe [2008-11-15 6447744]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
S3 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
S3 XAMPP;XAMPP Service; C:\xampp\service.exe [2007-12-21 60928]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-07-01 19:56:02

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Ad-Aware-->C:\ProgramData\{2BAE6915-8510-4B9F-B498-02DA86258AA0}\Ad-AwareAE.exe
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESET Smart Security-->MsiExec.exe /I{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}
ESU for Microsoft Vista-->MsiExec.exe /I{67A2873D-18A5-4B47-97CC-EFB8DDF89C28}
Flash Decompiler Trillix-->"C:\Program Files\Flash Decompiler Trillix\unins000.exe"
foobar2000 v0.9.5.6-->"C:\Program Files\foobar2000\uninstall.exe"
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Users\Condom song\Downloads\Programs\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0005 uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java™ SE Development Kit 6 Update 14-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160140}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MKVtoolnix 2.5.3-->C:\Program Files\MKVtoolnix\uninst.exe
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /I{400B790C-C090-4429-8124-8FE41B8BCE7D}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
QuickPlay SlingPlayer 0.4.4-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0005 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Safari-->MsiExec.exe /I{AF10D7E4-D29A-45DA-8050-B116097B69B5}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XAMPP 1.7.0-->"c:\xampp\uninstall.exe"

======Hosts File======

127.0.0.1 activate.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: ESET Smart Security 3.0
FW: ESET Personal firewall
AS: ESET Smart Security 3.0
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender

======System event log======

Computer Name: Serj
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 134170
Source Name: Service Control Manager
Time Written: 20090630205659.000000-000
Event Type: Error
User:

Computer Name: Serj
Event Code: 7000
Message: The adfs service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 134171
Source Name: Service Control Manager
Time Written: 20090630205659.000000-000
Event Type: Error
User:

Computer Name: Serj
Event Code: 7009
Message: A timeout was reached (30000 milliseconds) while waiting for the Eset Nod32 Boot service to connect.
Record Number: 134183
Source Name: Service Control Manager
Time Written: 20090630205659.000000-000
Event Type: Error
User:

Computer Name: Serj
Event Code: 7000
Message: The Eset Nod32 Boot service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Record Number: 134184
Source Name: Service Control Manager
Time Written: 20090630205659.000000-000
Event Type: Error
User:

Computer Name: Serj
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 134237
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20090701115110.485204-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Serj
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 31215
Source Name: Microsoft-Windows-EventSystem
Time Written: 20090630205341.000000-000
Event Type: Error
User:

Computer Name: Serj
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 31216
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090630205424.000000-000
Event Type: Warning
User:

Computer Name: Serj
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 31220
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090630205425.000000-000
Event Type: Warning
User:

Computer Name: Serj
Event Code: 512
Message: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.
Record Number: 31222
Source Name: Microsoft-Windows-CAPI2
Time Written: 20090630205425.000000-000
Event Type: Error
User:

Computer Name: Serj
Event Code: 3
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Record Number: 31232
Source Name: SecurityCenter
Time Written: 20090630205528.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Serj
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28052
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090701175555.028204-000
Event Type: Audit Failure
User:

Computer Name: Serj
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28053
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090701175555.050204-000
Event Type: Audit Failure
User:

Computer Name: Serj
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28054
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090701175555.074204-000
Event Type: Audit Failure
User:

Computer Name: Serj
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28055
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090701175555.099204-000
Event Type: Audit Failure
User:

Computer Name: Serj
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28056
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090701175555.123204-000
Event Type: Audit Failure
User:

======Environment variables======

"CLASSPATH"=.;C:\[Programming]\[Works];C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=Pavilion
"PLATFORM"=MCD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1706
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"USERPART"=E:
"windir"=%SystemRoot%
"PATH"=C:\Program Files\QuickTime\QTSystem\
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached Files: info.txt (29.35KB), log.txt (29.9KB)

Edited by farbar, 01 July 2009 - 01:07 PM.


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,659 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 July 2009 - 01:12 PM

Download the attached file and save it to your desktop. Right-click it and select "Run as administrator".

#5 Seigetsu

Seigetsu
  • Topic Starter

  • Members
  • 30 posts

Posted 01 July 2009 - 01:22 PM

The result is still empty. I tried the commands in the command line as administrator and in safe mode, and this appears.

Microsoft Windows [Version 6.0.6001]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\>ipconfig /all
'ipconfig' is not recognized as an internal or external command,
operable program or batch file.

C:\>nslookup google.com
'nslookup' is not recognized as an internal or external command,
operable program or batch file.

C:\>ping -n 2 google.com
'ping' is not recognized as an internal or external command,
operable program or batch file.

C:\>

Edited by Seigetsu, 01 July 2009 - 01:42 PM.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,659 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 July 2009 - 01:57 PM

There is something wrong. The question is whether this is done by the malware or something else.

Please try this one, then run the test.bat again.


Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
Copy and paste the text in the quote box into it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,3b,00,25,00,\
53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,3b,00,25,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\
53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,62,00,65,00,6d,\
00,00,00

  • Save the file to the desktop as regfix.reg
  • Make sure the Save as type field says All files.
  • Locate regfix.reg on the desktop and double-click on it and confirm.
  • A window pops up asking if you are sure to add the file to the registry. Click Yes.
  • You get another window popup saying that regfix.reg successfully added to the registry.
Note: You have to turn off any registry protector software you have in order for the changes to take place.
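The regfix above rewrites the machine-wide Path value, which the info.txt log showed reduced to C:\Program Files\QuickTime\QTSystem\ (so cmd.exe could no longer find ipconfig, nslookup, ping or findstr, which live in system32). As an added example, not part of this thread, the Python below decodes the hex(2) (REG_EXPAND_SZ, UTF-16LE) bytes from that .reg text and reports which system directories a given PATH value is missing; using C:\Windows as the SystemRoot value is an assumption.

```python
import re

# The regfix.reg text from the post above, embedded here so the example runs offline.
REGFIX_TEXT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,3b,00,25,00,\
53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,3b,00,25,\
00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,\
53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,57,00,62,00,65,00,6d,\
00,00,00
"""

# The system-wide PATH exactly as the info.txt log in this thread reported it.
BROKEN_PATH = "C:\\Program Files\\QuickTime\\QTSystem\\"

ENVIRONMENT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment"

# Directories the regfix puts back, relative to %SystemRoot%. cmd.exe searches PATH for
# ipconfig.exe, nslookup.exe, ping.exe and findstr.exe, all of which live in system32.
RESTORED_DIRS = (r"\system32", "", r"\System32\Wbem")


def parse_reg_values(text):
    """Parse .reg text into {(key, value_name): raw_value}, joining backslash-continued lines."""
    logical = re.sub(r"\\\r?\n[ \t]*", "", text)  # join "...,\<newline>..." continuations
    values = {}
    key = None
    for line in logical.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = re.match(r'^"([^"]+)"=(.*)$', line)
        if match and key is not None:
            values[(key, match.group(1))] = match.group(2)
    return values


def decode_hex2(raw):
    """Decode a REG_EXPAND_SZ value written as hex(2):xx,xx,... (UTF-16LE bytes, NUL-terminated)."""
    if not raw.startswith("hex(2):"):
        raise ValueError("expected a hex(2) value, got: " + raw[:20])
    data = bytes(int(b, 16) for b in raw[len("hex(2):"):].split(",") if b.strip())
    return data.decode("utf-16-le").rstrip("\x00")


def restored_path():
    """The Path string the regfix writes, decoded from the .reg bytes."""
    return decode_hex2(parse_reg_values(REGFIX_TEXT)[(ENVIRONMENT_KEY, "Path")])


def missing_system_dirs(path_value, system_root="C:\\Windows"):
    """Return the standard directories absent from a PATH value (system_root is an assumption)."""
    expanded = path_value.replace("%SystemRoot%", system_root)
    present = {entry.rstrip("\\").lower() for entry in expanded.split(";") if entry}
    required = [system_root + suffix for suffix in RESTORED_DIRS]
    return [d for d in required if d.lower() not in present]


if __name__ == "__main__":
    print("Path restored by regfix :", restored_path())
    print("missing from logged PATH:", missing_system_dirs(BROKEN_PATH))
    print("missing after regfix    :", missing_system_dirs(restored_path()))
```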

#7 Seigetsu

Seigetsu
  • Topic Starter

  • Members
  • 30 posts

Posted 01 July 2009 - 02:00 PM

I did the registry change and the result of the bat is still empty, and cmd gives me the same answer if I use the commands.

Edited by Seigetsu, 01 July 2009 - 02:01 PM.


#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,659 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 July 2009 - 02:02 PM

You might need to do this first to empty the TeaTimer cache also:

You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
  • First disable TeaTimer:
    • Run Spybot-S&D
    • Go to the Mode menu, and make sure Advanced Mode is selected
    • On the left hand side, choose Tools -> Resident
    • Uncheck Resident TeaTimer and OK any prompts
    • Restart your computer.
    Instruction is also here: How to disable TeaTimer during HijackThis Cleanup

    Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

  • Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, right-click the link and choose "Save Link As".)
    • Double-click ResetTeaTimer.exe and let it run.
Note: The Teatimer should be kept disabled until I give you the clean sign.


Apply the regfix and reboot your computer, then try the test.bat.

#9 Seigetsu

Seigetsu
  • Topic Starter

  • Members
  • 30 posts

Posted 01 July 2009 - 02:10 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Serj
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-59-34-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::201e:5698:ff49:daa3%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.169(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 01 July 2009 21:09:08
Lease Expires . . . . . . . . . . : 02 July 2009 21:09:08
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{4D5E1A27-28AA-497F-A5DE-FF90EDC7AB4F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2E1594B1-4450-4C91-80EF-ED300B192C49}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{2E1594B1-4450-4C91-80EF-ED300B192C49}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: my.router
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.45.100
           74.125.127.100
           74.125.67.100

Pinging google.com [74.125.45.100] with 32 bytes of data:

Reply from 74.125.45.100: bytes=32 time=141ms TTL=48
Reply from 74.125.45.100: bytes=32 time=130ms TTL=48

Ping statistics for 74.125.45.100:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 130ms, Maximum = 141ms, Average = 135ms

===========================================================================
Interface List
11 ...00 1f 3b 59 34 b3 ...... Intel® Wireless WiFi Link 4965AGN
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 isatap.{4D5E1A27-28AA-497F-A5DE-FF90EDC7AB4F}
23 ...00 00 00 00 00 00 00 e0 isatap.{2E1594B1-4450-4C91-80EF-ED300B192C49}
12 ...00 00 00 00 00 00 00 e0 isatap.{2E1594B1-4450-4C91-80EF-ED300B192C49}
14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.169      40
        127.0.0.0        255.0.0.0         On-link         127.0.0.1     306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1     306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1     306
      192.168.1.0    255.255.255.0         On-link     192.168.1.169     296
    192.168.1.169  255.255.255.255         On-link     192.168.1.169     296
    192.168.1.255  255.255.255.255         On-link     192.168.1.169     296
        224.0.0.0        240.0.0.0         On-link         127.0.0.1     306
        224.0.0.0        240.0.0.0         On-link     192.168.1.169     296
  255.255.255.255  255.255.255.255         On-link         127.0.0.1     306
  255.255.255.255  255.255.255.255         On-link     192.168.1.169     296
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination              Gateway
  1    306 ::1/128                          On-link
 11    296 fe80::/64                        On-link
 11    296 fe80::201e:5698:ff49:daa3/128    On-link
  1    306 ff00::/8                         On-link
 11    296 ff00::/8                         On-link
===========================================================================
Persistent Routes:
None

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,659 posts
  • Gender:Male
  • Location:The Netherlands

Posted 01 July 2009 - 02:32 PM

Well done. :thumbup2:

The router's settings are all okay.

We are going to run ComboFix. Note that ComboFix should be run just once, as I want to see the log of the first run.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double-click on ComboFix.exe and follow the prompts.
When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#11 Seigetsu

Seigetsu
  • Topic Starter

  • Members
  • 30 posts

Posted 01 July 2009 - 02:42 PM

ComboFix 09-07-01.01 - Serj 01/07/2009 21:34.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2205 [GMT 2:00]
Running from: c:\users\Condom song\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-07-01 19:39 . 2009-07-01 19:39 -------- d-----w- c:\users\Condom song\AppData\Local\temp
2009-07-01 17:55 . 2009-07-01 17:56 -------- d-----w- C:\rsit
2009-06-29 21:24 . 2009-06-29 21:24 -------- d-----w- c:\users\Condom song\AppData\Roaming\Mra
2009-06-29 18:41 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-29 18:41 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-29 18:40 . 2009-06-29 18:40 -------- d-----w- c:\program files\iPod
2009-06-29 18:40 . 2009-06-29 18:41 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-29 18:40 . 2009-06-29 18:41 -------- d-----w- c:\program files\iTunes
2009-06-29 18:38 . 2009-06-29 18:39 -------- d-----w- c:\program files\QuickTime
2009-06-29 18:29 . 2009-06-29 18:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-29 18:25 . 2009-06-29 18:25 -------- d-----w- c:\users\Condom song\AppData\Local\Apple
2009-06-29 18:24 . 2009-06-29 18:24 -------- d-----w- c:\users\Condom song\AppData\Local\Apple Computer
2009-06-29 18:01 . 2009-06-30 12:59 -------- d-----w- c:\users\Condom song\AppData\Local\Adobe
2009-06-29 17:40 . 2009-06-30 08:16 -------- d-----w- c:\program files\a-squared Free
2009-06-28 15:11 . 2009-07-01 19:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-28 15:11 . 2009-06-28 15:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-28 15:01 . 2009-06-30 08:45 -------- d-----w- c:\program files\SpywareBlaster
2009-06-27 01:38 . 2009-06-30 10:05 -------- d-----w- c:\program files\ICQ6.5
2009-06-16 21:37 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2009-06-16 21:37 . 2008-05-30 12:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2009-06-16 21:37 . 2008-05-30 12:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2009-06-16 21:37 . 2007-07-19 22:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-06-16 21:37 . 2007-07-19 22:54 18280 ----a-w- c:\windows\system32\x3daudio1_2.dll
2009-06-16 21:37 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-06-16 21:37 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-06-15 18:15 . 2009-06-15 18:15 286720 ------w- c:\windows\Setup1.exe
2009-06-15 18:15 . 2009-06-15 18:15 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-06-15 18:15 . 2009-06-15 18:15 102912 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-06-02 20:50 . 2009-06-03 13:49 -------- d-----w- C:\[Programming]
2009-06-02 20:33 . 2009-06-02 20:33 -------- d-----w- c:\program files\Flash Decompiler Trillix
2009-06-02 20:27 . 2009-06-02 20:27 -------- d-----w- c:\users\Condom song\AppData\Roaming\KillProcess
2009-06-02 20:25 . 2009-06-02 20:25 -------- d-----w- c:\program files\Sun
2009-06-02 20:18 . 2009-06-02 20:18 4096 ----a-w- c:\windows\d3dx.dat
2009-06-02 20:16 . 2009-06-02 20:16 -------- d-----w- c:\users\Condom song\AppData\Local\{32A3A4F2-B792-11D6-A78A-00B0D0150060}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 19:09 . 2008-12-27 09:40 56544 ----a-w- c:\programdata\nvModes.dat
2009-07-01 19:08 . 2008-05-16 00:02 1660 ----a-w- c:\windows\bthservsdp.dat
2009-07-01 19:04 . 2008-10-05 11:20 -------- d-----w- c:\users\Condom song\AppData\Roaming\uTorrent
2009-06-30 19:49 . 2008-10-06 19:00 -------- d-----w- c:\users\Condom song\AppData\Roaming\Skype
2009-06-30 19:44 . 2008-10-06 19:01 -------- d-----w- c:\users\Condom song\AppData\Roaming\skypePM
2009-06-29 21:23 . 2009-04-17 19:18 -------- d-----w- c:\program files\Opera
2009-06-29 18:40 . 2008-10-06 17:51 -------- d-----w- c:\program files\Common Files\Apple
2009-06-25 14:54 . 2008-10-05 15:46 -------- d-----w- c:\program files\foobar2000
2009-06-18 11:51 . 2007-11-28 02:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 20:05 . 2008-10-05 11:26 -------- d-----w- c:\program files\ICQ6
2009-06-03 14:49 . 2008-10-27 10:51 -------- d-----w- c:\program files\Notepad++Portable
2009-06-02 20:24 . 2009-02-15 16:31 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-02 20:21 . 2007-11-28 04:00 -------- d-----w- c:\program files\Java
2009-05-27 22:53 . 2009-05-27 22:53 -------- d-----w- c:\users\Condom song\AppData\Roaming\Logitech
2009-05-27 22:51 . 2009-05-27 22:51 -------- d-----w- c:\programdata\LogiShrd
2009-05-27 22:51 . 2009-05-27 22:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-27 22:51 . 2009-05-27 22:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-27 22:51 . 2009-05-27 22:51 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-05-27 22:50 . 2009-05-27 22:48 -------- d-----w- c:\program files\Common Files\Logishrd
2009-05-27 22:49 . 2009-05-27 22:49 -------- d-----w- c:\programdata\Logitech
2009-05-27 22:48 . 2009-05-27 22:48 -------- d-----w- c:\program files\Logitech
2009-05-26 22:41 . 2008-05-16 00:27 -------- d-----w- c:\programdata\NVIDIA
2009-05-26 17:51 . 2009-02-06 16:49 -------- d-----w- c:\programdata\FLEXnet
2009-05-24 15:15 . 2009-05-24 15:15 -------- d-----w- c:\program files\VideoLAN
2009-05-16 09:35 . 2008-10-07 19:38 -------- d-----w- c:\programdata\Microsoft Help
2009-05-09 22:08 . 2009-05-09 22:08 -------- d-----w- c:\program files\Mail.Ru
2009-05-09 17:29 . 2008-10-06 17:54 -------- d-----w- c:\users\Condom song\AppData\Roaming\Apple Computer
2009-05-09 17:29 . 2009-05-09 17:28 -------- d-----w- c:\program files\Safari
2009-05-09 17:28 . 2009-05-09 17:03 -------- d-----w- c:\users\Condom song\AppData\Roaming\Orbit
2009-05-09 17:21 . 2009-05-09 17:13 -------- d-----w- c:\program files\WMR11
2009-05-06 12:23 . 2009-05-28 08:39 372736 ----a-w- c:\users\Condom song\AppData\Roaming\Mozilla\Firefox\Profiles\q6yjnhiw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 1451264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"RtHDVCpl"=RtHDVCpl.exe
"MAgent"=c:\program files\Mail.Ru\Agent\MAgent.exe -LM
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiSpyWareDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4047481444-1457897285-824502694-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5139885B-F2ED-47BE-B98B-529FEFA65EEB}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{BD46FB37-8E85-4E4B-B7DA-7432B5BC76B8}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{942DD15C-35F7-4126-A94E-61A316D6C78F}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{AB617F83-FC93-41A0-B08A-AA28561A14F1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{C56BF27E-E31F-4C18-B153-6223A34B5343}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7DC5FF7E-0A31-459D-A1D7-D84987841200}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{8C7480B7-AD70-4461-95C2-EE1A1C638161}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6EAB08AB-EE1D-45EB-AA75-94CEF155BAC2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{3D49576F-7945-42A0-90BE-7CE460A25456}"= UDP:5353:Adobe CSI CS4
"{B10A1883-F784-493B-89A3-A001AE2BEC22}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{931C915C-BB94-4A74-B15D-9064FBC5E802}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{9015CDAF-C06F-42E5-BACB-969031B4B1FD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{27EC97A6-86E8-4471-8C54-D279C4A14B20}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BBFEAB2D-86AD-404C-BE26-41068E33E3B5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [16/05/2008 02:19 39408]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 21:51 468224]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [28/06/2009 17:11 1153368]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28/01/2009 20:52 3668480]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [02/11/2006 10:32 9216]
S3 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [10/12/2008 01:10 24636]
S3 XAMPP;XAMPP Service;c:\xampp\service.exe [21/12/2007 04:01 60928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1246278035&rver=5.5.4177.0&wp=mbi&wreply=http:%2f%2fmail.live.com%2fmail%2finboxlight.aspx%3ffolderid%3d00000000-0000-0000-0000-000000000001%26inboxsortascending%3dfalse%26inboxsortby%3ddate%26n%3d1563220431&lc=2057&id=64855&mkt=en-gb
mStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1246278035&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FInboxLight.aspx%3FFolderID%3D00000000-0000-0000-0000-000000000001%26InboxSortAscending%3DFalse%26InboxSortBy%3DDate%26n%3D1563220431&lc=2057&id=64855&mkt=en-GB
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Condom song\AppData\Roaming\Mozilla\Firefox\Profiles\q6yjnhiw.default\
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: c:\users\Condom song\AppData\Roaming\Mozilla\Firefox\Profiles\q6yjnhiw.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-01 21:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (3) (LocalSystem)
@Allowed: (3) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"="TemDono FiX 1.2 (31 days remaining forever up to 2050)"
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"ProductBase"=dword:00000001
"ProductCode"="{4CEBE5E6-D1FD-4BDF-8C9C-29A9A3CC2B7C}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="3.0.684.0"
"UniqueId"="000A674A4956600A"
"ScannerBuild"=dword:00000ed0
"ScannerVersionId"=dword:00000de1
"ScannerVersion"=""
"FixId"=dword:00000002
"PackageTag"=dword:04ff9687

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-01 21:41
ComboFix-quarantined-files.txt 2009-07-01 19:41

Pre-Run: 2,981,126,144 bytes free
Post-Run: 2,940,268,544 bytes free

244 --- E O F --- 2009-03-06 12:14

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,659 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:23 AM

Posted 01 July 2009 - 03:39 PM

It seems ComboFix has been run three times. :thumbup2:
I need to see the ComboFix.txt from the first run. Please copy/paste the combofix.txt from the first run located at C:\Qoobox\combofix3.txt.

#13 Seigetsu

Seigetsu
  • Topic Starter

  • Members
  • 30 posts
  • Local time:09:23 AM

Posted 01 July 2009 - 03:47 PM

I don't have it. The guy who was checking my PC a couple of days ago left nothing. Maybe with some program to recover deleted files..

#14 Seigetsu

Seigetsu
  • Topic Starter

  • Members
  • 30 posts
  • Local time:09:23 AM

Posted 01 July 2009 - 04:01 PM

I'm trying to find an older version. Seems I got one that's the same as the one I made today.

I have this one that looks similar but has more things in the end:

ComboFix 09-07-01.01 - Serj 01/07/2009 21:34:52.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2205 [GMT 2:00]
Running from: C:\Users\Condom song\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-07-01 19:39:37 . 2009-07-01 19:39:39 0 d-----w- C:\Users\Condom song\AppData\Local\temp
2009-07-01 17:55:41 . 2009-07-01 17:56:02 0 d-----w- C:\rsit
2009-06-29 21:24:12 . 2009-06-29 21:24:12 0 d-----w- C:\Users\Condom song\AppData\Roaming\Mra
2009-06-29 18:41:19 . 2009-03-19 14:32:48 23400 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2009-06-29 18:41:19 . 2008-04-17 10:12:54 107368 ----a-w- C:\Windows\system32\GEARAspi.dll
2009-06-29 18:40:57 . 2009-06-29 18:40:57 0 d-----w- C:\Program Files\iPod
2009-06-29 18:40:56 . 2009-06-29 18:41:17 0 d-----w- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-29 18:40:56 . 2009-06-29 18:41:17 0 d-----w- C:\Program Files\iTunes
2009-06-29 18:38:32 . 2009-06-29 18:39:09 0 d-----w- C:\Program Files\QuickTime
2009-06-29 18:29:33 . 2009-06-29 18:29:33 75048 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-29 18:25:27 . 2009-06-29 18:25:27 0 d-----w- C:\Users\Condom song\AppData\Local\Apple
2009-06-29 18:24:59 . 2009-06-29 18:24:59 0 d-----w- C:\Users\Condom song\AppData\Local\Apple Computer
2009-06-29 18:01:10 . 2009-06-30 12:59:09 0 d-----w- C:\Users\Condom song\AppData\Local\Adobe
2009-06-29 17:40:19 . 2009-06-30 08:16:09 0 d-----w- C:\Program Files\a-squared Free
2009-06-28 15:11:19 . 2009-07-01 19:02:37 0 d-----w- C:\ProgramData\Spybot - Search & Destroy
2009-06-28 15:11:19 . 2009-06-28 15:22:34 0 d-----w- C:\Program Files\Spybot - Search & Destroy
2009-06-28 15:01:54 . 2009-06-30 08:45:26 0 d-----w- C:\Program Files\SpywareBlaster
2009-06-27 01:38:27 . 2009-06-30 10:05:11 0 d-----w- C:\Program Files\ICQ6.5
2009-06-16 21:37:57 . 2008-05-30 12:19:18 507400 ----a-w- C:\Windows\system32\XAudio2_1.dll
2009-06-16 21:37:57 . 2008-05-30 12:17:30 65032 ----a-w- C:\Windows\system32\XAPOFX1_0.dll
2009-06-16 21:37:56 . 2008-05-30 12:17:00 25608 ----a-w- C:\Windows\system32\X3DAudio1_4.dll
2009-06-16 21:37:56 . 2007-07-19 22:57:12 267112 ----a-w- C:\Windows\system32\xactengine2_9.dll
2009-06-16 21:37:56 . 2007-07-19 22:54:28 18280 ----a-w- C:\Windows\system32\x3daudio1_2.dll
2009-06-16 21:37:55 . 2007-04-04 16:53:42 81768 ----a-w- C:\Windows\system32\xinput1_3.dll
2009-06-16 21:37:55 . 2007-03-12 14:42:30 3495784 ----a-w- C:\Windows\system32\d3dx9_33.dll
2009-06-15 18:15:55 . 2009-06-15 18:15:55 286720 ------w- C:\Windows\Setup1.exe
2009-06-15 18:15:54 . 2009-06-15 18:15:54 73216 ----a-w- C:\Windows\ST6UNST.EXE
2009-06-15 18:15:53 . 2009-06-15 18:15:54 102912 ----a-w- C:\Windows\system32\VB6STKIT.DLL
2009-06-02 20:50:06 . 2009-06-03 13:49:26 0 d-----w- C:\[Programming]
2009-06-02 20:33:41 . 2009-06-02 20:33:53 0 d-----w- C:\Program Files\Flash Decompiler Trillix
2009-06-02 20:27:55 . 2009-06-02 20:27:55 0 d-----w- C:\Users\Condom song\AppData\Roaming\KillProcess
2009-06-02 20:25:33 . 2009-06-02 20:25:33 0 d-----w- C:\Program Files\Sun
2009-06-02 20:18:19 . 2009-06-02 20:18:19 4096 ----a-w- C:\Windows\d3dx.dat
2009-06-02 20:16:05 . 2009-06-02 20:16:05 0 d-----w- C:\Users\Condom song\AppData\Local\{32A3A4F2-B792-11D6-A78A-00B0D0150060}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 19:09:33 . 2008-12-27 09:40:52 56544 ----a-w- C:\ProgramData\nvModes.dat
2009-07-01 19:08:13 . 2008-05-16 00:02:04 1660 ----a-w- C:\Windows\bthservsdp.dat
2009-07-01 19:04:38 . 2008-10-05 11:20:23 0 d-----w- C:\Users\Condom song\AppData\Roaming\uTorrent
2009-06-30 19:49:25 . 2008-10-06 19:00:03 0 d-----w- C:\Users\Condom song\AppData\Roaming\Skype
2009-06-30 19:44:59 . 2008-10-06 19:01:01 0 d-----w- C:\Users\Condom song\AppData\Roaming\skypePM
2009-06-29 21:23:47 . 2009-04-17 19:18:46 0 d-----w- C:\Program Files\Opera
2009-06-29 18:40:57 . 2008-10-06 17:51:52 0 d-----w- C:\Program Files\Common Files\Apple
2009-06-25 14:54:48 . 2008-10-05 15:46:26 0 d-----w- C:\Program Files\foobar2000
2009-06-18 11:51:19 . 2007-11-28 02:09:00 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-06-16 20:05:08 . 2008-10-05 11:26:13 0 d-----w- C:\Program Files\ICQ6
2009-06-03 14:49:07 . 2008-10-27 10:51:30 0 d-----w- C:\Program Files\Notepad++Portable
2009-06-02 20:24:49 . 2009-02-15 16:31:53 410984 ----a-w- C:\Windows\system32\deploytk.dll
2009-06-02 20:21:55 . 2007-11-28 04:00:50 0 d-----w- C:\Program Files\Java
2009-05-27 22:53:08 . 2009-05-27 22:53:08 0 d-----w- C:\Users\Condom song\AppData\Roaming\Logitech
2009-05-27 22:51:51 . 2009-05-27 22:51:51 0 d-----w- C:\ProgramData\LogiShrd
2009-05-27 22:51:29 . 2009-05-27 22:51:29 0 ---ha-w- C:\Windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-05-27 22:51:28 . 2009-05-27 22:51:28 0 ---ha-w- C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-05-27 22:51:21 . 2009-05-27 22:51:21 0 ---ha-w- C:\Windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-05-27 22:50:34 . 2009-05-27 22:48:41 0 d-----w- C:\Program Files\Common Files\Logishrd
2009-05-27 22:49:13 . 2009-05-27 22:49:13 0 d-----w- C:\ProgramData\Logitech
2009-05-27 22:48:16 . 2009-05-27 22:48:16 0 d-----w- C:\Program Files\Logitech
2009-05-26 22:41:03 . 2008-05-16 00:27:34 0 d-----w- C:\ProgramData\NVIDIA
2009-05-26 17:51:14 . 2009-02-06 16:49:10 0 d-----w- C:\ProgramData\FLEXnet
2009-05-24 15:15:42 . 2009-05-24 15:15:42 0 d-----w- C:\Program Files\VideoLAN
2009-05-16 09:35:00 . 2008-10-07 19:38:39 0 d-----w- C:\ProgramData\Microsoft Help
2009-05-09 22:08:06 . 2009-05-09 22:08:06 0 d-----w- C:\Program Files\Mail.Ru
2009-05-09 17:29:51 . 2008-10-06 17:54:43 0 d-----w- C:\Users\Condom song\AppData\Roaming\Apple Computer
2009-05-09 17:29:30 . 2009-05-09 17:28:53 0 d-----w- C:\Program Files\Safari
2009-05-09 17:28:06 . 2009-05-09 17:03:24 0 d-----w- C:\Users\Condom song\AppData\Roaming\Orbit
2009-05-09 17:21:23 . 2009-05-09 17:13:14 0 d-----w- C:\Program Files\WMR11
2009-05-06 12:23:40 . 2009-05-28 08:39:08 372736 ----a-w- C:\Users\Condom song\AppData\Roaming\Mozilla\Firefox\Profiles\q6yjnhiw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 08:29:10 102400]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 16:54:40 178712]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 11:54:20 554320]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-12-04 01:42:00 13556256]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 01:05:00 1045800]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-10-24 19:50:00 1451264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"ICQ"="C:\Program Files\ICQ6.5\ICQ.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe"
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
"RtHDVCpl"=RtHDVCpl.exe
"MAgent"=C:\Program Files\Mail.Ru\Agent\MAgent.exe -LM
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiSpyWareDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4047481444-1457897285-824502694-1000]
"EnableNotificationsRef"=dword:00000004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5139885B-F2ED-47BE-B98B-529FEFA65EEB}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{BD46FB37-8E85-4E4B-B7DA-7432B5BC76B8}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{942DD15C-35F7-4126-A94E-61A316D6C78F}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{AB617F83-FC93-41A0-B08A-AA28561A14F1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{C56BF27E-E31F-4C18-B153-6223A34B5343}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7DC5FF7E-0A31-459D-A1D7-D84987841200}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{8C7480B7-AD70-4461-95C2-EE1A1C638161}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6EAB08AB-EE1D-45EB-AA75-94CEF155BAC2}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:µTorrent
"{3D49576F-7945-42A0-90BE-7CE460A25456}"= UDP:5353:Adobe CSI CS4
"{B10A1883-F784-493B-89A3-A001AE2BEC22}"= UDP:C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{931C915C-BB94-4A74-B15D-9064FBC5E802}"= TCP:C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{9015CDAF-C06F-42E5-BACB-969031B4B1FD}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{27EC97A6-86E8-4471-8C54-D279C4A14B20}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BBFEAB2D-86AD-404C-BE26-41068E33E3B5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\QuickPlay\000.fcl [16/05/2008 02:19:34 39408]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [24/10/2008 21:51:16 468224]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [28/06/2009 17:11:23 1153368]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\System32\drivers\NETw5v32.sys [28/01/2009 20:52:45 3668480]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\System32\regedt32.exe [02/11/2006 10:32:21 9216]
S3 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [10/12/2008 01:10:14 24636]
S3 XAMPP;XAMPP Service;C:\xampp\service.exe [21/12/2007 04:01:02 60928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1246278035&rver=5.5.4177.0&wp=mbi&wreply=http:%2f%2fmail.live.com%2fmail%2finboxlight.aspx%3ffolderid%3d00000000-0000-0000-0000-000000000001%26inboxsortascending%3dfalse%26inboxsortby%3ddate%26n%3d1563220431&lc=2057&id=64855&mkt=en-gb
mStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1246278035&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fmail%2FInboxLight.aspx%3FFolderID%3D00000000-0000-0000-0000-000000000001%26InboxSortAscending%3DFalse%26InboxSortBy%3DDate%26n%3D1563220431&lc=2057&id=64855&mkt=en-GB
IE: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - C:\Users\Condom song\AppData\Roaming\Mozilla\Firefox\Profiles\q6yjnhiw.default\
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
FF - plugin: C:\Users\Condom song\AppData\Roaming\Mozilla\Firefox\Profiles\q6yjnhiw.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 2
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

Edited by Seigetsu, 01 July 2009 - 04:07 PM.


#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,659 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:08:23 AM

Posted 01 July 2009 - 04:15 PM

Aha, could he have removed something he shouldn't have, as we had a serious registry corruption which prevented Windows from performing the basic DOS commands? :thumbup2:

Anyway I don't see any malware. Let's try this:

Please go to start => run => copy and paste the following lines one by one in the run box and press Enter after each line:

cmd /c Net stop wuauserv&Ren c:\windows\softwaredistribution softwaredistribution.old1&Net start wuauserv
cmd /c dir /a "c:\windows\softwaredistribution.old1" >log.txt&log.txt&del log.txt

A text file opens, please copy and paste the content of it to your reply.

Edited by farbar, 01 July 2009 - 04:22 PM.
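The two Run-box lines above chain several commands with "&", so if one step fails (for instance because softwaredistribution.old1 already exists from an earlier attempt) the next steps still execute and the listing may be empty or misleading. The following PowerShell script is an added example, not part of the thread or of any ComboFix tooling; it performs the same reset of the Windows Update download cache step by step, checks each step, picks a backup folder name that is not already taken, and writes a "dir /a"-style listing to a log file whose location ($env:TEMP) is an assumption. Run it from an elevated prompt.

```powershell
# Added example (not from the thread): reset the Windows Update download cache the way the
# post above does, but one step at a time with checks instead of a single "&" chain.
# Assumes an elevated PowerShell session and that $env:SystemRoot is the Windows folder.

$svcName  = 'wuauserv'
$cacheDir = Join-Path $env:SystemRoot 'SoftwareDistribution'
$logPath  = Join-Path $env:TEMP 'softwaredistribution-listing.txt'   # assumed log location

# 1. Stop the Windows Update service; the folder cannot be renamed while the service holds it.
$svc = Get-Service -Name $svcName
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $svcName -Force
    $svc.WaitForStatus('Stopped', (New-TimeSpan -Seconds 60))
}

# 2. Choose a backup name that does not exist yet. The thread uses ".old1"; a second run
#    of the same "Ren" would fail because that name is already taken, so count upwards.
$n = 1
do {
    $backupDir = "$cacheDir.old$n"
    $n++
} while (Test-Path -LiteralPath $backupDir)

if (-not (Test-Path -LiteralPath $cacheDir)) {
    throw "Cache folder $cacheDir not found; nothing to rename."
}
Rename-Item -LiteralPath $cacheDir -NewName (Split-Path -Leaf $backupDir)

# 3. Restart the service; it recreates an empty SoftwareDistribution folder when next used.
Start-Service -Name $svcName
(Get-Service -Name $svcName).WaitForStatus('Running', (New-TimeSpan -Seconds 60))

# 4. Record the contents of the renamed folder, hidden and system items included (the
#    equivalent of "dir /a"), so the listing can be pasted into a reply.
Get-ChildItem -LiteralPath $backupDir -Force |
    Select-Object Mode, LastWriteTime, Length, Name |
    Format-Table -AutoSize |
    Out-File -FilePath $logPath -Width 200

"Renamed $cacheDir -> $backupDir"
"Listing written to $logPath"
notepad.exe $logPath
```

The old folder is kept rather than deleted so that the download history (and anything odd in it) can still be inspected; delete it only once updates work again and the listing has been reviewed.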




