
Back again new and old problems


  • This topic is locked
30 replies to this topic

#1 Kenai

Kenai

  • Members
  • 77 posts

Posted 09 July 2009 - 10:19 AM

Back again with a very weird problem along with some minor problems that I tried to fix last time.

First is I get redirects a lot more often now, and then a new problem that's been bothering me for the past 3-5 days now. One is that some of my games can't connect to servers even though I have an internet connection, and the only way to fix it is restarting my computer. Second thing is that every other site that tells me to log in to my account tells me I am putting in my information wrong even though I am 100% sure it's correct. I tried clearing everything with ATF for Firefox and Internet Explorer, but it keeps saying it's removing 20-150 MB worth of files every day, and Internet Explorer isn't even used more than once or twice a day for maybe 5-10 mins each. I am wondering if there is something that is on my computer causing this or maybe some file is damaged?


DDS log


DDS (Ver_09-06-26.01) - NTFSx86
Run by Tommy at 8:17:54.62 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1715 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\java.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tommy\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\tommy\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\
FF - prefs.js: browser.search.selectedEngine - swagbucks.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-27 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-27 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-27 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-27 51792]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-5-8 204800]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-27 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-12-27 95640]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]

=============== Created Last 30 ================

2009-07-06 17:05 <DIR> --d----- c:\program files\SpeedFan
2009-07-06 17:05 45 a------- c:\windows\system32\initdebug.nfo
2009-07-03 05:16 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-07-02 11:55 41,808 a------- c:\windows\system32\xfcodec.dll
2009-06-27 09:10 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-25 07:24 72,704 a------- c:\windows\system32\admparse.dll
2009-06-25 07:24 48,128 a------- c:\windows\system32\mshtmler.dll
2009-06-25 06:59 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-06-12 20:46 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-12 20:46 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-12 20:46 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-12 20:46 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-12 20:46 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-10 17:06 <DIR> --d----- c:\program files\Microsoft XNA
2009-06-10 02:47 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-10 02:47 636,928 a------- c:\windows\system32\localspl.dll
2009-06-10 02:47 784,896 a------- c:\windows\system32\rpcrt4.dll

==================== Find3M ====================

2009-06-06 15:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-06 15:41 86,016 a------- c:\windows\inf\infstor.dat
2009-06-06 15:41 51,200 a------- c:\windows\inf\infpub.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2008-11-21 17:14 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-21 17:14 56 a---h--- c:\progra~2\ezsidmv.dat
2008-10-28 15:29 22,328 a------- c:\users\tommy\appdata\roaming\PnkBstrK.sys
2008-07-01 19:20 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
2008-06-22 02:36 174 a--sh--- c:\program files\desktop.ini
2008-06-22 02:25 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-20 13:33 0 a------- c:\users\tommy\appdata\roaming\wklnhst.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:18:37.60 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/14/2008 6:10:35 PM
System Uptime: 7/8/2009 2:20:23 AM (30 hours ago)

Motherboard: ASUSTek Computer INC. | | Leonite2
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 457 GiB total, 227.444 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.232 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: KODAK 5300 AiO
Device ID: ROOT\IMAGE\0000
Manufacturer: Eastman Kodak
Name: KODAK 5300 AiO #2
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan

==== System Restore Points ===================

RP636: 6/22/2009 5:36:30 AM - Scheduled Checkpoint
RP637: 6/22/2009 2:56:12 PM - Windows Update
RP638: 6/24/2009 8:02:52 AM - Scheduled Checkpoint
RP640: 6/25/2009 7:22:39 AM - Removed MorphVOX Junior
RP641: 6/25/2009 7:23:37 AM - Windows Update
RP642: 6/25/2009 7:23:39 AM - Removed OpenOffice.org 3.1
RP643: 6/25/2009 7:25:12 AM - Windows Update
RP644: 6/25/2009 7:29:24 AM - Removed TortoiseSVN 1.5.3.13783 (32 bit)
RP646: 6/25/2009 7:31:36 AM - Configured VeohTV BETA
RP647: 6/25/2009 10:17:30 PM - Windows Update
RP648: 6/27/2009 10:55:35 AM - Scheduled Checkpoint
RP649: 6/28/2009 6:37:27 AM - Scheduled Checkpoint
RP650: 6/29/2009 7:21:09 AM - Windows Update
RP651: 7/2/2009 8:13:40 PM - Windows Update
RP652: 7/3/2009 10:43:13 PM - Scheduled Checkpoint
RP653: 7/4/2009 1:35:52 AM - Installed Java™ 6 Update 14
RP654: 7/5/2009 12:00:07 AM - Scheduled Checkpoint
RP655: 7/6/2009 12:00:03 AM - Scheduled Checkpoint
RP656: 7/6/2009 4:06:05 PM - Scheduled Checkpoint
RP657: 7/6/2009 11:40:35 PM - Windows Update
RP658: 7/7/2009 8:46:37 PM - Scheduled Checkpoint
RP659: 7/8/2009 12:12:16 PM - Scheduled Checkpoint

==== Installed Programs ======================

µTorrent
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.4
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
aiofw
aioprnt
aioscnnr
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
ATT-PRT22
Audacity 1.2.6
Audiosurf
AutoHotkey 1.0.47.06
AutoUpdate
avast! Antivirus
Blueberry Garden Demo
Bonjour
Bulent's Screen Recorder 4
Call of Duty
Call of Duty® - World at War™ Beta
Call of Duty® 2
Call of Duty® 2 Mod Tools
Call of Duty® 2 Patch 1.3
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Patch
CamStudio
CCScore
center
Choice Guard
City 14
Counter-Strike
Counter-Strike: Source
Day of Defeat: Source
Day of Defeat: Source Beta
dBpoweramp Music Converter
DING!
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.7
DyynoPlayer 0.8.6f.2
EA Download Manager
Enhanced Multimedia Keyboard Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
Folding@home-x86
Fraps
Freecorder Toolbar 3.02 Application
Game Cam 2.1
Garry's Mod
GCFScape 1.6.7
GoldWave v5.20
Google SketchUp 7
Google Toolbar for Internet Explorer
Gunbound Revolution
Half-Life
Half-Life 2
Half-Life 2 Awakening 1.1
Half-Life 2 Riot Act 1.0
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Dedicated Server Update Tool
Hardware Diagnostic Tools
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
ijji
ijji Auto Installer
ijji FireFox Launcher 1.0
Intel® Matrix Storage Manager
Intel® Viiv™ Software
iTunes
Java™ 6 Update 14
Java™ 6 Update 3
kgcbase
Killing Floor
KODAK All-in-One Printer Software
Kodak EasyShare software
ksDIP
Left 4 Dead
LightScribe 1.8.15.1
Linksys EasyLink Advisor
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Home and Student 60 day trial
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft XNA Framework Redistributable 3.0
MINERVA: Metastasis
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
My HP Games
NecroVisioN
netbrdg
NVIDIA Drivers
NVIDIA PhysX v8.07.18
Obsidian Conflict Beta 1.34
OfotoXMI
PC Tools Firewall Plus 5.0
PDF Settings
Peggle Nights
Portal
PreReq
PSSWCORE
PunkBuster Services
Pure Networks Platform
Python 2.5
QuickTime
Real Alternative 1.8.2
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Security Update for Windows Media Encoder (KB954156)
SFR
SHASTA
skin0001
SKINXSDK
Skype™ Beta 4.0
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Source SDK
Source SDK Base
Source SDK Base - Orange Box
SpeedFan (remove only)
SPORE™
Spybot - Search & Destroy
staticcr
Steam
StepMania (remove only)
Synergy
System Requirements Lab
Team Fortress 2
Team Fortress 2 Dedicated Server
TeamSpeak 2 RC2
tooltips
Unity Web Player
Ventrilo Client
VideoToolkit01
VLC media player 0.9.8a
VPRINTOL
VTFEdit 1.2.5
WeatherBug Gadget
WebEx Support Manager for Internet Explorer
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
WIRELESS
World of Warcraft
Xfire (remove only)
Yahoo! Search Protection
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/7/2009 7:30:54 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 75.16.33.107 for the Network Card with network address 001D60B54DD4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/7/2009 7:29:38 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D60B54DD4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/6/2009 9:40:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Firewall Plus service to connect.
7/6/2009 9:39:19 AM, Error: EventLog [6008] - The previous system shutdown at 9:37:39 AM on 7/6/2009 was unexpected.
7/4/2009 8:29:57 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/3/2009 8:37:35 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001D60B54DD4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/3/2009 5:17:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb i8042prt ssmdrv
7/3/2009 5:17:33 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/3/2009 4:52:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
7/3/2009 4:52:20 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/2/2009 6:34:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JASON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1503B5E1-0606-4960-A098-F98B5435B. The master browser is stopping or an election is being forced.

==== End Of File ===========================


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:43 PM

Posted 17 July 2009 - 08:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
m0le is a proud member of UNITE

#3 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts

Posted 18 July 2009 - 12:49 PM

DDS (Ver_09-06-26.01) - NTFSx86
Run by Tommy at 10:46:50.83 on Sat 07/18/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1676 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\java.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Tommy\Desktop\Unused Desktop\Computer\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [CCUTRAYICON] FactoryMode
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Conime] %windir%\system32\conime.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\tommy\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {1503B5E1-0606-4960-A098-F98B5435B4C5} = 192.168.0.1,192.168.0.40
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\
FF - prefs.js: browser.search.selectedEngine - swagbucks.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\tommy\appdata\roaming\mozilla\firefox\profiles\snxcrt6m.default\extensions\npdyyno@dyyno.com\plugins\npDyyno.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-27 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2008-12-27 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-27 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-27 51792]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKDiscovery.exe [2009-1-19 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\aio\center\KodakSvc.exe [2009-1-19 38296]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2008-12-27 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2008-12-27 95640]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]

=============== Created Last 30 ================

2009-07-16 01:04 <DIR> --d----- c:\program files\TortoiseSVN
2009-07-16 01:04 <DIR> --d----- c:\program files\common files\TortoiseOverlays
2009-07-14 17:04 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 17:04 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 17:04 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 17:04 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-10 10:52 <DIR> -cd-h--- c:\programdata\{35ACA973-70F0-495F-9092-74A130711865}
2009-07-10 10:52 <DIR> -cd-h--- c:\progra~2\{35ACA973-70F0-495F-9092-74A130711865}
2009-07-10 10:47 24,880 a------- c:\windows\system32\drivers\pnarp.sys
2009-07-10 10:47 26,416 a------- c:\windows\system32\drivers\purendis.sys
2009-07-10 10:47 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-07-10 10:46 <DIR> --d----- c:\programdata\Pure Networks
2009-07-10 10:46 <DIR> --d----- c:\progra~2\Pure Networks
2009-07-10 10:43 939,368 a----r-- c:\windows\system32\myflash.ocx
2009-07-10 10:43 939,368 a----r-- c:\windows\system32\flash.ocx
2009-07-06 17:05 <DIR> --d----- c:\program files\SpeedFan
2009-07-06 17:05 45 a------- c:\windows\system32\initdebug.nfo
2009-07-03 05:16 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-07-02 11:55 41,808 a------- c:\windows\system32\xfcodec.dll
2009-06-27 09:10 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-25 07:24 72,704 a------- c:\windows\system32\admparse.dll
2009-06-25 07:24 48,128 a------- c:\windows\system32\mshtmler.dll
2009-06-25 06:59 <DIR> --dsh--- C:\$RECYCLE.BIN

==================== Find3M ====================

2009-07-10 10:48 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-10 10:48 86,016 a------- c:\windows\inf\infstor.dat
2009-07-10 10:48 51,200 a------- c:\windows\inf\infpub.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-04-30 05:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-30 05:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-23 05:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-21 04:55 2,033,152 a------- c:\windows\system32\win32k.sys
2008-11-21 17:14 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-21 17:14 56 a---h--- c:\progra~2\ezsidmv.dat
2008-10-28 15:29 22,328 a------- c:\users\tommy\appdata\roaming\PnkBstrK.sys
2008-07-01 19:20 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
2008-06-22 02:36 174 a--sh--- c:\program files\desktop.ini
2008-06-22 02:25 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-20 13:33 0 a------- c:\users\tommy\appdata\roaming\wklnhst.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 10:47:28.77 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/14/2008 6:10:35 PM
System Uptime: 7/15/2009 4:02:22 AM (78 hours ago)

Motherboard: ASUSTek Computer INC. | | Leonite2
Processor: Intel® Core™2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 457 GiB total, 226.008 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.232 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: KODAK 5300 AiO
Device ID: ROOT\IMAGE\0000
Manufacturer: Eastman Kodak
Name: KODAK 5300 AiO #2
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan

==== System Restore Points ===================

RP650: 6/29/2009 7:21:09 AM - Windows Update
RP651: 7/2/2009 8:13:40 PM - Windows Update
RP652: 7/3/2009 10:43:13 PM - Scheduled Checkpoint
RP653: 7/4/2009 1:35:52 AM - Installed Java™ 6 Update 14
RP654: 7/5/2009 12:00:07 AM - Scheduled Checkpoint
RP655: 7/6/2009 12:00:03 AM - Scheduled Checkpoint
RP656: 7/6/2009 4:06:05 PM - Scheduled Checkpoint
RP657: 7/6/2009 11:40:35 PM - Windows Update
RP658: 7/7/2009 8:46:37 PM - Scheduled Checkpoint
RP659: 7/8/2009 12:12:16 PM - Scheduled Checkpoint
RP660: 7/9/2009 12:54:39 PM - Windows Update
RP661: 7/10/2009 1:59:50 AM - Scheduled Checkpoint
RP663: 7/10/2009 10:44:47 AM - Configured Linksys EasyLink Advisor
RP664: 7/10/2009 10:47:19 AM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
RP665: 7/10/2009 10:47:45 AM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
RP666: 7/11/2009 12:00:02 AM - Scheduled Checkpoint
RP667: 7/11/2009 4:55:13 PM - Scheduled Checkpoint
RP668: 7/12/2009 7:03:09 AM - Scheduled Checkpoint
RP669: 7/13/2009 3:00:13 AM - Scheduled Checkpoint
RP670: 7/13/2009 9:24:21 PM - Windows Update
RP671: 7/15/2009 2:00:31 AM - Scheduled Checkpoint
RP672: 7/15/2009 3:00:18 AM - Windows Update
RP673: 7/16/2009 1:03:24 AM - Installed TortoiseSVN 1.6.3.16613 (32 bit)
RP674: 7/16/2009 3:00:31 PM - Windows Update
RP675: 7/18/2009 1:35:32 AM - Scheduled Checkpoint

==== Installed Programs ======================

µTorrent
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.5
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
aiofw
aioprnt
aioscnnr
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
ATT-PRT22
Audacity 1.2.6
Audiosurf
AutoHotkey 1.0.47.06
AutoUpdate
avast! Antivirus
Blueberry Garden Demo
Bonjour
Bulent's Screen Recorder 4
Call of Duty
Call of Duty® - World at War™ Beta
Call of Duty® 2
Call of Duty® 2 Mod Tools
Call of Duty® 2 Patch 1.3
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.4 Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
Call of Duty® 4 - Modern Warfare™ 1.5 Patch
CamStudio
CCScore
center
Choice Guard
City 14
Counter-Strike
Counter-Strike: Source
Day of Defeat: Source
Day of Defeat: Source Beta
dBpoweramp Music Converter
DING!
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.7
DyynoPlayer 0.8.6f.2
EA Download Manager
Enhanced Multimedia Keyboard Solution
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
Folding@home-x86
Fraps
Freecorder Toolbar 3.02 Application
Game Cam 2.1
Garry's Mod
GCFScape 1.6.7
GoldWave v5.20
Google SketchUp 7
Google Toolbar for Internet Explorer
Gunbound Revolution
Half-Life
Half-Life 2
Half-Life 2 Awakening 1.1
Half-Life 2 Riot Act 1.0
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Dedicated Server Update Tool
Hardware Diagnostic Tools
HijackThis 2.0.2
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
ijji
ijji Auto Installer
ijji FireFox Launcher 1.0
Intel® Matrix Storage Manager
Intel® Viiv™ Software
iTunes
Java™ 6 Update 14
Java™ 6 Update 3
KB408682
kgcbase
Killing Floor
KODAK All-in-One Printer Software
Kodak EasyShare software
ksDIP
Left 4 Dead
LightScribe 1.8.15.1
Linksys EasyLink Advisor
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Home and Student 60 day trial
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft XNA Framework Redistributable 3.0
MINERVA: Metastasis
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.0
My HP Games
NecroVisioN
netbrdg
NVIDIA Drivers
NVIDIA PhysX v8.07.18
Obsidian Conflict Beta 1.34
OfotoXMI
PC Tools Firewall Plus 5.0
PDF Settings
Peggle Nights
Portal
PreReq
PSSWCORE
PunkBuster Services
Pure Networks Platform
Python 2.5
QuickTime
Real Alternative 1.8.2
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Security Update for Windows Media Encoder (KB954156)
SFR
SHASTA
skin0001
SKINXSDK
Skype™ Beta 4.0
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Source SDK
Source SDK Base
Source SDK Base - Orange Box
SpeedFan (remove only)
SPORE™
Spybot - Search & Destroy
staticcr
Steam
StepMania (remove only)
Synergy
System Requirements Lab
Team Fortress 2
Team Fortress 2 Dedicated Server
TeamSpeak 2 RC2
tooltips
TortoiseSVN 1.6.3.16613 (32 bit)
Unity Web Player
Ventrilo Client
VideoToolkit01
VLC media player 1.0.0
VPRINTOL
VTFEdit 1.2.5
WeatherBug Gadget
WebEx Support Manager for Internet Explorer
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
WIRELESS
World of Warcraft
Xfire (remove only)
Yahoo! Search Protection
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/18/2009 10:31:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001D60B54DD4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/15/2009 8:09:48 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PERLA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1503B5E1-0606-4960-A098-F98B5435B. The master browser is stopping or an election is being forced.
7/13/2009 5:03:41 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/11/2009 8:32:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb i8042prt ssmdrv
7/11/2009 8:32:07 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/11/2009 4:26:27 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JASON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1503B5E1-0606-4960-A098-F98B5435B. The master browser is stopping or an election is being forced.

==== End Of File ===========================



No worries about the delay. I have since been able to find a way to work this out with Steam, and the login issues haven't really been bothering me. I would just like a check-up now to see if everything is as good as it seems to be right now. :thumbup2:
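As an added example (not code from this thread, from DDS, or from the BleepingComputer team), here is a small Python triage helper for the kind of DDS log posted above. It splits the log into its header-delimited sections, parses the BHO/toolbar registrations in the "Pseudo HJT Report" and flags the ones recorded as "No File" (a registry reference whose DLL is gone, the usual leftover of an uninstall or an earlier removal), lists autostart entries written as a bare program name rather than a full path (those resolve through the PATH search, so a reviewer should confirm which file actually runs), and turns the Event Viewer lines into structured records. The sample input is an excerpt of the log above; the section titles and line formats are assumed to be those of this DDS version only.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the DDS log posted in this thread, embedded as sample input so the
# parser runs offline ("hxxp" is DDS's own defanging of "http").
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Conime] %windir%\system32\conime.exe

==== Event Viewer Messages From Past Week ========

7/18/2009 10:31:51 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 001D60B54DD4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/13/2009 5:03:41 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$")


@dataclass
class Addon:
    kind: str            # BHO (Browser Helper Object) or TB (toolbar)
    name: Optional[str]  # DDS omits the name when the registration has no friendly name
    clsid: str
    path: str


@dataclass
class RunEntry:
    hive: str     # "u" = per-user (HKCU) Run key, "m" = machine-wide (HKLM) Run key
    name: str
    command: str


@dataclass
class Event:
    timestamp: str
    level: str
    source: str
    event_id: int
    message: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '==== Title ====' header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def parse_browser_addons(lines: List[str]) -> List[Addon]:
    found = []
    for line in lines:
        m = ADDON_RE.match(line)
        if m:
            found.append(Addon(m["kind"], m["name"], m["clsid"], m["path"]))
    return found


def orphaned_addons(addons: List[Addon]) -> List[Addon]:
    """Registrations whose DLL no longer exists ('No File'): clean-up candidates."""
    return [a for a in addons if a.path.strip().lower() == "no file"]


def parse_run_entries(lines: List[str]) -> List[RunEntry]:
    found = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            found.append(RunEntry(m["hive"], m["name"], m["cmd"]))
    return found


def unqualified_run_entries(entries: List[RunEntry]) -> List[RunEntry]:
    """Autostart commands that are neither a drive-letter path nor a %VAR% path."""
    flagged = []
    for e in entries:
        cmd = e.command.strip().lstrip('"')
        if not (re.match(r"^[A-Za-z]:\\", cmd) or cmd.startswith("%")):
            flagged.append(e)
    return flagged


def parse_events(lines: List[str]) -> List[Event]:
    found = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            found.append(Event(m["ts"], m["level"], m["source"], int(m["eid"]), m["msg"]))
    return found


def triage(text: str) -> Dict[str, list]:
    """One-shot summary of the review points a helper would pull from a DDS log."""
    sections = split_sections(text)
    hjt = sections.get("Pseudo HJT Report", [])
    events = parse_events(sections.get("Event Viewer Messages From Past Week", []))
    return {
        "orphaned_addons": [a.clsid for a in orphaned_addons(parse_browser_addons(hjt))],
        "unqualified_run": [e.name for e in unqualified_run_entries(parse_run_entries(hjt))],
        "error_events": [(ev.source, ev.event_id) for ev in events if ev.level == "Error"],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "unqualified" check is deliberately a review prompt rather than a verdict: a bare `RtHDVCpl.exe` is normal for an OEM audio applet, but a helper reading the log still wants to know which entries cannot be verified from the path alone.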

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:43 PM

Posted 18 July 2009 - 07:14 PM

Hi kenai,

The first logs you posted had traces of malware which no longer appear in the last logs you posted. We will be doing a double-check to make sure.

First though, you haven't got an antivirus.
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Also

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between themselves, as the name suggests. In today's world cybercrime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Now to the scans

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Then

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Finally

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks :thumbup2:
m0le is a proud member of UNITE

#5 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 20 July 2009 - 05:07 AM

Malwarebytes' Anti-Malware 1.39
Database version: 2464
Windows 6.0.6001 Service Pack 1

7/20/2009 3:06:23 AM
mbam-log-2009-07-20 (03-06-23).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 497169
Time elapsed: 2 hour(s), 32 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


MalwareBytes scan


Will get to the other scans later though, it's 3 in the morning D:

#6 Kenai

Kenai
  • Topic Starter

  • Members
  • 77 posts
  • OFFLINE
  • Local time:01:43 PM

Posted 21 July 2009 - 01:51 PM

Unless Gmer automatically saves a log file, I do not have one, nor do I know if Gmer caused my computer to crash or if it was something else. I let it scan while I was asleep and woke up to a warning that Microsoft has recovered from a system crash. Do you want me to go ahead and scan with ESET?

Edited by Kenai, 21 July 2009 - 01:52 PM.


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:09:43 PM

Posted 21 July 2009 - 01:55 PM

Did you rename Gmer?

If so, we will try another rootkit scanner.

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop:
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all six boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Then go ahead with ESET. Thanks :thumbup2:
m0le is a proud member of UNITE

#8 Kenai (Topic Starter, Members, 77 posts)

Posted 21 July 2009 - 03:22 PM

ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x77a981cb
Attempt to read from address: 0x61647232

Got that after I checked in a while after I started the scan.
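
A quick way to read a report like the one above, as an added example that is not part of this thread and not RootRepeal's own output handling: the script below parses the three hex fields, names the NTSTATUS code, and checks whether the faulting address is made entirely of printable ASCII bytes, which is a common sign that a pointer was overwritten with string data. The NTSTATUS table is a small subset I wrote in, and the report text is copied from the post above as the sample input.

```python
import re
from typing import Dict, Optional

# The RootRepeal report from the post above, used as the sample input.
REPORT = """\
ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x77a981cb
Attempt to read from address: 0x61647232
"""

# A small subset of NTSTATUS exception codes (values from the Windows SDK's
# ntstatus.h); only the codes listed here are recognised.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0x80000003: "STATUS_BREAKPOINT",
}

FIELD_RE = re.compile(
    r"^\s*(Exception Code|Exception Address|Attempt to (read from|write to) address):"
    r"\s*0x([0-9A-Fa-f]+)\s*$",
    re.MULTILINE,
)


def parse_crash_report(text: str) -> Dict:
    """Pull the hex fields out of a RootRepeal-style crash report."""
    fields: Dict = {}
    for m in FIELD_RE.finditer(text):
        label, access, value = m.group(1), m.group(2), int(m.group(3), 16)
        if label == "Exception Code":
            fields["code"] = value
        elif label == "Exception Address":
            fields["pc"] = value          # instruction that faulted
        else:
            fields["fault_addr"] = value  # address it tried to touch
            fields["access"] = "write" if access == "write to" else "read"
    return fields


def ascii_view(value: int) -> Optional[str]:
    """The bytes of `value` as text, in little-endian memory order, if every
    byte is printable ASCII; None otherwise. A pointer that decodes cleanly
    this way usually means string data was written over it."""
    width = 8 if value > 0xFFFFFFFF else 4
    raw = value.to_bytes(width, "little")
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage(text: str) -> Dict:
    """Name the status code and classify the faulting address."""
    f = parse_crash_report(text)
    code = f.get("code")
    fault = f.get("fault_addr")
    return {
        "status": NTSTATUS_NAMES.get(code, "unknown" if code is not None else "missing"),
        "access": f.get("access"),
        "pc": f.get("pc"),
        "fault_addr": fault,
        # Faults below 64 KiB are the classic NULL-plus-offset dereference.
        "near_null": fault is not None and fault < 0x10000,
        "fault_addr_ascii": ascii_view(fault) if fault is not None else None,
    }


if __name__ == "__main__":
    for k, v in triage(REPORT).items():
        if isinstance(v, int) and not isinstance(v, bool):
            print(f"{k}: {v:#010x}")
        else:
            print(f"{k}: {v}")
```

For this report the address 0x61647232 decodes to the bytes "2rda" in memory order, so whatever RootRepeal dereferenced held text rather than a pointer. The report alone cannot say whether that is a bug in the scanner or interference from something on the machine, so treat it as a reason to try a different scanner, not as evidence either way.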

#9 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 21 July 2009 - 03:30 PM

Kenai, please run this program.

Please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop but rename it Combo-Fix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :thumbup2:
m0le is a proud member of UNITE
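
One way to pre-screen the "Reg Loading Points" section that the requested C:\ComboFix.txt will contain, as an added example (my code, not ComboFix's and not anything posted in this thread): parse the Run/RunOnce values ComboFix prints as `"Name"="path" [date size]`, treat `[X]` as a missing target, and flag entries that run from user-writable locations or that borrow a system-binary name outside system32. The sample lines are taken from the log posted later in this thread except the "updater" line, which is constructed to exercise the checks; the trusted-directory list and the system-name list are assumptions tuned to this Vista machine.

```python
import re
from typing import Dict, List

# Sample "Reg Loading Points" lines in ComboFix's format. All but the
# "updater" line are copied from the log later in this thread; "updater"
# is CONSTRUCTED here to exercise the user-writable / masquerade checks.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Steam"="c:\program files\steam\steam.exe" [2009-07-10 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"updater"="c:\users\tommy\appdata\roaming\svchost.exe" [2009-07-20 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'        # "Name"="value"
    r"(?:\s+-\s+(?P<resolved>.+?))?"                # optional: - resolved path
    r"\s+\[(?P<meta>X|\d{4}-\d{2}-\d{2} \d+)\]$"    # [X] or [YYYY-MM-DD size]
)

# Assumptions for this machine: where legitimate autostarts normally live,
# which prefixes an unprivileged user can write to, and which file names
# malware likes to borrow.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\hp\\")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "c:\\programdata\\")
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


def parse_run_entries(log_text: str) -> List[Dict]:
    """Return one dict per Run/RunOnce value found in the log text."""
    entries: List[Dict] = []
    key = None
    for line in log_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if not em or key is None or not key.upper().endswith(("\\RUN", "\\RUNONCE")):
            continue
        meta = em.group("meta")
        entries.append({
            "key": key,
            "name": em.group("name"),
            # ComboFix prints the resolved path after " - " when the value
            # is a bare file name; prefer it when present.
            "path": (em.group("resolved") or em.group("value")).lower(),
            "file_missing": meta == "X",
            "date": None if meta == "X" else meta.split()[0],
            "size": None if meta == "X" else int(meta.split()[1]),
        })
    return entries


def flag_entry(entry: Dict) -> List[str]:
    """Reasons an analyst should look at this entry; empty list means unremarkable."""
    reasons: List[str] = []
    path = entry["path"]
    if entry["file_missing"]:
        reasons.append("target file missing ([X]): stale entry or a name that resolved nowhere")
        return reasons
    if any(tag in path for tag in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    elif not path.startswith(TRUSTED_DIRS):
        reasons.append("runs from outside Windows/Program Files")
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and not path.startswith("c:\\windows\\system32\\"):
        reasons.append(f"{base} outside system32 (masquerading as a system process)")
    return reasons


def triage_run_entries(log_text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for entries that have at least one reason."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_run_entries(log_text):
        reasons = flag_entry(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage_run_entries(SAMPLE_LOG).items():
        print(f"{name}: " + "; ".join(reasons))
```

A flag is a prompt to look, not a verdict: the `[X]` on CCUTRAYICON in the real log is a dead OEM entry, while the constructed "updater" line shows what a real finding looks like (a svchost.exe under the user's roaming profile). The date and size columns are kept so an entry can be compared against the "Files Created" section of the same log.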

#10 Kenai (Topic Starter, Members, 77 posts)

Posted 21 July 2009 - 04:39 PM

ComboFix 09-07-20.05 - Tommy 07/21/2009 14:09.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1896 [GMT -7:00]
Running from: c:\users\Tommy\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\24e99313.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-21 to 2009-07-21 )))))))))))))))))))))))))))))))
.

2009-07-21 21:17 . 2009-07-21 21:32 -------- d-----w- c:\users\Tommy\AppData\Local\temp
2009-07-16 08:04 . 2009-07-16 08:04 -------- d-----w- c:\program files\TortoiseSVN
2009-07-16 08:04 . 2009-07-16 08:04 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-07-16 06:01 . 2009-07-16 06:02 -------- d-----w- c:\users\Tommy\AppData\Roaming\vlc
2009-07-15 00:04 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 00:04 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 00:04 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 00:04 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-10 22:10 . 2009-07-10 22:10 -------- d-----w- c:\users\Tommy\AppData\Local\Apple
2009-07-10 17:52 . 2009-07-10 17:52 -------- dc-h--w- c:\programdata\{35ACA973-70F0-495F-9092-74A130711865}
2009-07-10 17:52 . 2009-05-21 21:29 2833072 -c--a-w- c:\programdata\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe
2009-07-10 17:47 . 2008-12-13 01:05 24880 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-07-10 17:47 . 2008-12-13 01:05 26416 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-07-10 17:47 . 2009-07-10 17:47 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-07-10 17:46 . 2009-07-10 17:47 -------- d-----w- c:\programdata\Pure Networks
2009-07-10 06:32 . 2009-07-10 06:32 -------- d-----w- c:\users\Tommy\AppData\Local\Adobe
2009-07-09 20:22 . 2009-07-09 20:22 -------- d-----w- c:\users\Tommy\AppData\Local\Apple Computer
2009-07-08 00:56 . 2009-07-08 00:56 -------- d-----w- c:\users\Tommy\AppData\Local\Eastman_Kodak_Company
2009-07-07 00:05 . 2009-07-07 00:05 -------- d-----w- c:\program files\SpeedFan
2009-07-02 18:55 . 2009-07-02 18:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-27 16:10 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-27 16:10 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-27 16:10 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-27 16:10 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-27 16:10 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-27 16:10 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-27 16:10 . 2009-02-05 20:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-06-27 16:10 . 2009-06-27 16:10 -------- d-----w- c:\program files\Alwil Software
2009-06-27 07:20 . 2009-06-27 07:20 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-25 14:26 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-25 14:26 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 14:24 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-06-25 14:24 . 2009-03-08 11:31 48128 ----a-w- c:\windows\system32\mshtmler.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 21:23 . 2009-07-03 12:16 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-07-21 20:38 . 2008-02-23 21:42 -------- d-----w- c:\program files\Steam
2009-07-21 09:54 . 2008-02-19 22:38 -------- d-----w- c:\users\Tommy\AppData\Roaming\Xfire
2009-07-15 21:22 . 2008-02-19 22:38 -------- d-----w- c:\programdata\Xfire
2009-07-15 10:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 20:36 . 2008-12-26 21:04 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2008-12-26 21:04 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 19:53 . 2008-02-23 21:42 -------- d-----w- c:\program files\Common Files\Steam
2009-07-10 19:49 . 2008-02-19 21:52 112424 ----a-w- c:\users\Tommy\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-10 17:49 . 2009-06-06 22:40 -------- d-----w- c:\program files\Linksys
2009-07-10 17:46 . 2007-11-13 16:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 16:32 . 2008-03-18 20:37 2032 ----a-w- c:\users\Tommy\AppData\Local\d3d9caps.dat
2009-07-10 01:54 . 2008-03-23 03:38 495448 ----a-w- c:\programdata\yahoo!\SearchProtection\fudogsetupUS.exe
2009-07-07 01:30 . 2008-02-19 22:38 -------- d-----w- c:\program files\Xfire
2009-07-04 08:37 . 2007-11-13 16:29 -------- d-----w- c:\program files\Java
2009-07-03 12:16 . 2008-12-27 23:23 -------- d-----w- c:\program files\PC Tools Firewall Plus
2009-07-01 04:44 . 2008-05-29 07:05 -------- d-----w- c:\users\Tommy\AppData\Roaming\uTorrent
2009-06-25 14:29 . 2009-06-08 20:05 -------- d-----w- c:\program files\OpenOffice.org 3
2009-06-25 14:21 . 2009-05-17 04:44 -------- d-----w- c:\program files\Gomez
2009-06-14 23:02 . 2009-06-14 23:02 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF995.tmp.exe
2009-06-11 00:06 . 2009-06-11 00:06 -------- d-----w- c:\program files\Microsoft XNA
2009-06-10 10:06 . 2007-11-13 16:30 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 23:44 . 2009-06-08 23:19 245999472 ----a-w- c:\programdata\Linksys\Linksys Updater\update\35A205B7-27AF-4DE7-98DC-156614EFC2DE\lela-3.11.9139.94.exe
2009-06-08 20:09 . 2009-06-08 20:09 1 ----a-w- c:\users\Tommy\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-08 20:08 . 2009-06-08 20:08 -------- d-----w- c:\users\Tommy\AppData\Roaming\OpenOffice.org
2009-06-06 23:27 . 2009-06-06 23:25 -------- d-----w- c:\program files\ATT-PRT22-WISE
2009-06-06 23:27 . 2009-06-06 23:27 -------- d-----w- c:\program files\att-prt22
2009-06-06 23:27 . 2009-06-06 23:26 -------- d-----w- c:\program files\Common Files\Motive
2009-06-06 23:26 . 2009-06-06 23:26 -------- d-----w- c:\programdata\Motive
2009-06-06 22:45 . 2009-06-06 22:43 -------- d-----w- c:\programdata\Linksys
2009-06-06 22:44 . 2009-06-06 22:44 -------- d-----w- c:\programdata\webex
2009-06-06 22:41 . 2009-06-06 22:41 -------- d-----w- c:\program files\Common Files\Java
2009-05-21 18:33 . 2008-12-05 02:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-16 01:03 . 2009-05-16 01:03 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-04 22:27 . 2009-04-11 23:40 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-30 12:37 . 2009-06-13 03:46 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-13 03:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-10 09:47 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 09:47 636928 ----a-w- c:\windows\system32\localspl.dll
2008-07-02 02:20 . 2008-07-02 02:19 2788800 ----a-w- c:\program files\FLV PlayerFCSetup.exe
2009-06-12 04:59 . 2008-12-28 09:53 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-11-13 15:56 . 2007-11-13 15:51 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-06 01:01 85712 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\steam\steam.exe" [2009-07-10 1217784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-15 178968]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 92704]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-04-13 2652056]
"Conime"="c:\windows\system32\conime.exe" [2008-01-19 69120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2009-05-20 221184]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-7-2 3190096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WeGame.lnk
backup=c:\windows\pss\WeGame.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Tommy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DING!.lnk]
path=c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnk.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7A3B5625-78D9-4922-ABF2-30F21E46EBDC}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F63876C7-30A6-4E61-9BB2-B53E7362BAC7}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D9699CBD-B153-4691-AC9A-406F65088F8A}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{E09CE15B-5F01-47D5-8BE7-FBCBB365D870}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{BCAECF92-ADD0-41AA-99BE-8F5770E8070B}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{6C8D929A-4B68-49EA-81A0-7170286E1F1B}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{40A0175B-A9DC-403A-AE5D-E2EDDECFA1AC}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{D1D8A6F1-B4A8-4038-AA50-A94B45ACF46B}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{C62A9A0D-93EF-4694-9B6B-653C888A0C1D}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E11CD62B-1268-49A0-8EB6-3C269172D1D2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{91C21F08-BD4D-4C25-97DB-AC69D95B488E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{60C45900-ECA0-4BF4-AF7C-E2DE5A4BA0EA}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E57CF611-7A89-4510-B9C2-57B390CBA7EC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96BDE7AA-D7FC-45C7-B444-F6E393B08743}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9C611B3C-D177-4996-849B-A288C618A156}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D0404057-C537-468E-908D-46A749EE1209}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{E4AE6C63-0957-4C9B-8EB8-2727AE40DEE8}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{25BEE528-BF7C-44D4-83A8-96347A367CB3}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{8F45B792-EA8E-4952-BA08-597AD42F305E}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{2ACCC09E-D5C4-4D49-ADEA-7A8A27102D07}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{17ED07BA-29AC-4A63-95DB-F5B46621ABB3}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2A36A2F5-A714-46E9-B2FA-AC1C65D7166E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{D6F9D53A-53E1-473C-AA2B-7D79A47DDAE5}c:\\program files\\steam\\steamapps\\iccold\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\garrysmod\hl2.exe:hl2
"UDP Query User{B6234706-940D-41F9-BD25-4ADDEE963760}c:\\program files\\steam\\steamapps\\iccold\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\garrysmod\hl2.exe:hl2
"TCP Query User{E24DCCBC-6242-4EB4-966D-7FA028A3DC9B}c:\\program files\\steam\\steamapps\\iccold\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\source sdk base\hl2.exe:hl2
"UDP Query User{2A1E15D6-A140-4259-8344-C0C7F08FD5E8}c:\\program files\\steam\\steamapps\\iccold\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\source sdk base\hl2.exe:hl2
"TCP Query User{5BCBD66A-5D43-4456-9088-0FCED86EA211}c:\\program files\\steam\\steamapps\\iccold\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\counter-strike source\hl2.exe:hl2
"UDP Query User{E2B859A0-32EE-4FE0-BC3F-A3E339D62A6A}c:\\program files\\steam\\steamapps\\iccold\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\counter-strike source\hl2.exe:hl2
"TCP Query User{640409D9-7CC0-42DB-9AB3-D1CD7D1933E8}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{9FC8B161-1DA4-447C-BB1E-E4C0592115AC}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{A3C5B5FB-6D3F-4809-BA01-C6029FBE2DF1}c:\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{22026C8B-0F8B-4E43-BA50-E18DB7493BE4}c:\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{27CB701F-2605-47BA-972C-49D099C20140}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{CAEC1498-4346-43E2-A1EF-B05E23DF7167}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{9076F437-F0DE-4946-9CDF-3A6616883606}c:\\program files\\steam\\steamapps\\iccold\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\team fortress 2\hl2.exe:hl2
"UDP Query User{876F7226-24A9-4A3E-B66B-00350FC54D34}c:\\program files\\steam\\steamapps\\iccold\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\team fortress 2\hl2.exe:hl2
"TCP Query User{9C2470A6-1FDC-4C2D-8DE0-C966EB39A680}c:\\program files\\steam\\steamapps\\iccold\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\iccold\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{8C79832E-F49F-4425-A580-0C2F9DBE1449}c:\\program files\\steam\\steamapps\\iccold\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\iccold\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{A5EBC3FA-4751-480C-B2F1-6FE92160A9D1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3F9BD9C8-D710-4043-82B8-AA5F2DDCC04E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{140D6934-6889-492B-B652-9156EB89EB6E}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{05653963-3AA7-4DDF-B044-F5F244B2F3DE}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"TCP Query User{033AAD8D-D271-46AC-99C0-F2F1D732048A}c:\\program files\\steam\\steamapps\\iccold\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\synergy\hl2.exe:hl2
"UDP Query User{DF9ECA62-9D18-4153-B07E-1BB90AA69E44}c:\\program files\\steam\\steamapps\\iccold\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\synergy\hl2.exe:hl2
"TCP Query User{0D205042-D627-4D6F-AA31-D692C13F1143}c:\\program files\\steam\\steamapps\\iccold\\synergy dedicated server\\srcds.exe"= UDP:c:\program files\steam\steamapps\iccold\synergy dedicated server\srcds.exe:srcds
"UDP Query User{AA150651-726A-4327-816F-0770A1982FC7}c:\\program files\\steam\\steamapps\\iccold\\synergy dedicated server\\srcds.exe"= TCP:c:\program files\steam\steamapps\iccold\synergy dedicated server\srcds.exe:srcds
"TCP Query User{686E686D-A377-46C7-9AF8-633CB3DDB868}c:\\program files\\steam\\steamapps\\iccold\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\zombie panic! source\hl2.exe:hl2
"UDP Query User{74696934-97F5-4266-98DD-37D4989A8B8E}c:\\program files\\steam\\steamapps\\iccold\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\zombie panic! source\hl2.exe:hl2
"TCP Query User{1E77DDCB-7BD2-4A89-BC13-257B04E829B7}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{EBA4F0EC-14EA-4C18-985C-2D44B76944F7}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{0A71FF55-03CF-46A4-9A6D-710B10FC1C50}c:\\program files\\steam\\steamapps\\iccold\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{8B166DAA-6E01-4AA6-83E8-BE5C7BF39D19}c:\\program files\\steam\\steamapps\\iccold\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{5E30D45D-0B87-49FF-95DE-91B777818DF6}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= UDP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer
"UDP Query User{EE904E4D-5429-4E97-8527-FC2F7A3C1AE7}c:\\program files\\activision\\call of duty - world at war beta\\codwawbeta.exe"= TCP:c:\program files\activision\call of duty - world at war beta\codwawbeta.exe:Call of Duty®: World at War Multiplayer
"TCP Query User{E4B3E022-2E56-4EB0-BC9F-9FBD080FA72B}c:\\program files\\steam\\steamapps\\iccold\\source sdk base 2007\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\source sdk base 2007\hl2.exe:hl2
"UDP Query User{294A6764-A87A-45C9-9053-D796BC866023}c:\\program files\\steam\\steamapps\\iccold\\source sdk base 2007\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\source sdk base 2007\hl2.exe:hl2
"TCP Query User{72A31B58-197A-467A-9EDB-8A2071131B11}c:\\users\\tommy\\appdata\\local\\dyyno receiver\\dppm.exe"= UDP:c:\users\tommy\appdata\local\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{8121212B-AF04-4C26-B66B-CAAA8CAA4946}c:\\users\\tommy\\appdata\\local\\dyyno receiver\\dppm.exe"= TCP:c:\users\tommy\appdata\local\dyyno receiver\dppm.exe:dppm.exe
"{879FA604-87C5-4C4C-811A-41DB0591D523}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{84142A54-8234-4601-A506-2D718E7247D1}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6A3D0481-1EC9-4CA1-BF91-7CDFDEA828D3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{36975C79-D7E0-4BEE-9CE9-A71280CF0A93}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{32A81190-16B4-4575-821B-028B4E533D40}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{A92F556C-3E08-400C-B2F5-950A858A408F}c:\\users\\tommy\\appdata\\locallow\\dyyno receiver\\dppm.exe"= UDP:c:\users\tommy\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{7EEFE5A5-9EC3-4DBB-BF4B-8B8294F63D70}c:\\users\\tommy\\appdata\\locallow\\dyyno receiver\\dppm.exe"= TCP:c:\users\tommy\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"TCP Query User{44313C78-AE42-4C15-880F-E68CA21013CC}c:\\program files\\steam\\steamapps\\iccold\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\iccold\half-life\hl.exe:Half-Life Launcher
"UDP Query User{FF58F9DD-968E-4195-9B95-50DD887A2109}c:\\program files\\steam\\steamapps\\iccold\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\iccold\half-life\hl.exe:Half-Life Launcher
"TCP Query User{15BE9C07-FFF8-474D-9B88-643D769F3BBF}c:\\program files\\call of duty\\codmp.exe"= UDP:c:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{185DEFC6-E268-418B-8A15-607073F893DA}c:\\program files\\call of duty\\codmp.exe"= TCP:c:\program files\call of duty\codmp.exe:CoDMP
"TCP Query User{DBA4933D-D4E4-4F62-86DF-C07C5FD17634}c:\\program files\\steam\\steamapps\\iccold\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\team fortress 2\hl2.exe:hl2
"UDP Query User{800DD68B-22A1-4AEA-BCBA-6F91CB3EB339}c:\\program files\\steam\\steamapps\\iccold\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\team fortress 2\hl2.exe:hl2
"TCP Query User{06E50A0A-795B-468F-9EA9-03E5179DCA8A}c:\\program files\\steam\\steamapps\\iccold\\synergy\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\synergy\hl2.exe:hl2
"UDP Query User{B36087EE-6D6E-492F-BCC2-A5A2EFA63741}c:\\program files\\steam\\steamapps\\iccold\\synergy\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\synergy\hl2.exe:hl2
"TCP Query User{6E96FEE7-9D31-4D63-AE0C-9DA3324C6C31}c:\\users\\tommy\\appdata\\locallow\\dyyno receiver\\dppm.exe"= UDP:c:\users\tommy\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{E582F4E5-BA8B-41DB-A2E9-147CE1451A67}c:\\users\\tommy\\appdata\\locallow\\dyyno receiver\\dppm.exe"= TCP:c:\users\tommy\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"TCP Query User{735AF730-01FD-40B5-8F23-8F0B3EB1365C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9D62AA00-2B7A-41C7-B058-170028043D0E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{72A3FBDF-29DB-4F80-BD31-66253CED0377}c:\\program files\\steam\\steamapps\\iccold\\source sdk base 2007\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\source sdk base 2007\hl2.exe:hl2
"UDP Query User{5B91F2F7-E0C2-468D-A554-67491B79D5ED}c:\\program files\\steam\\steamapps\\iccold\\source sdk base 2007\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\source sdk base 2007\hl2.exe:hl2
"TCP Query User{B2AFEC76-08B8-43FA-9837-AE42F48EE7A3}c:\\program files\\steam\\steamapps\\iccold\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\iccold\garrysmod\hl2.exe:hl2
"UDP Query User{62912BDE-4526-4823-9437-470DB37140A6}c:\\program files\\steam\\steamapps\\iccold\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\iccold\garrysmod\hl2.exe:hl2
"TCP Query User{301BC52E-AE83-40FE-BA5F-450C313C01E3}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{1D6D180D-2DA3-418A-9423-CDCF4ACD7C93}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{7B2E91E7-A58D-4DC4-9037-83DB7B6ADC53}c:\\program files\\call of duty\\codmp.exe"= UDP:c:\program files\call of duty\codmp.exe:CoDMP
"UDP Query User{8D96753C-AFC9-4014-83F0-3ADA885402D3}c:\\program files\\call of duty\\codmp.exe"= TCP:c:\program files\call of duty\codmp.exe:CoDMP
"{18989265-632D-4C15-827E-449A8A123A03}"= UDP:80:ps3 port1
"{ECCB3A24-C2BB-4CFF-94C2-306002452092}"= UDP:443:ps3 port 2
"{1819A44B-7506-46FC-907D-762AC6957527}"= UDP:5223:ps3 port 3
"{099F491E-762C-433F-A971-BB709C108978}"= TCP:3478:ps3 port 4
"{6883277B-9FA3-4A83-9746-1355C73419F6}"= TCP:3479:ps3 port 5
"{3D04B168-E2D6-42CB-A7DB-ACFDF7BA53E0}"= TCP:3658:ps3 port 6
"{A8A45341-E65F-4869-B555-34D1C347DDD9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DE239778-01C2-4752-B947-77E90B9260CD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{225EE5CA-AD71-4B49-8980-46D7D5D28B8C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2B4ACA0E-3557-4014-8669-AE492726674F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{97F3AFAA-29C8-4DBB-B719-7AA10F80BC72}"= UDP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{B92CEBA2-D5CA-4AF4-B076-2CF9F230A10A}"= TCP:c:\program files\Steam\steamapps\common\peggle nights\PeggleNights.exe:Peggle Nights
"{7D01B4BD-E1C5-474D-8BB3-E8D76F2726F1}"= UDP:9322:EKDiscovery
"{79427473-3E59-4AF8-8E18-19F6F213C451}"= UDP:9323:EKDiscovery
"{D7CF35F3-3D18-411D-BA28-4F3681C1FCBA}"= UDP:9322:EKDiscovery
"{15764F90-286C-4A8F-A7AB-3BF426DE956D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EA915513-363D-4160-B168-87BBE16D1251}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{6C3A05E7-B1A8-4C73-860C-80AAE7B011BD}"= UDP:c:\program files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:Blueberry Garden Demo
"{E05F6327-2E0B-457D-A4F8-76EEE398E95A}"= TCP:c:\program files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:Blueberry Garden Demo
"{85DD4CC2-82DA-4833-825E-A2D9B1A9F255}"= TCP:67:DHCP Discovery Service
"{C1D2FE7A-15C6-4112-9699-BA1E0AFF7284}"= UDP:9323:EKDiscovery
"{98A6D63E-454B-4732-A492-322FC80E017B}"= TCP:67:DHCP Discovery Service
"{2E3B801D-1AC9-4945-B57E-2DC3C8B18FAC}"= UDP:c:\program files\Steam\steamapps\common\necrovision\Bin\NecroVisioN.exe:NecroVisioN
"{C3C266D9-E5A8-4142-A61C-3F8AF0B5B2B3}"= TCP:c:\program files\Steam\steamapps\common\necrovision\Bin\NecroVisioN.exe:NecroVisioN
"{72A43CEC-789E-4C0F-8695-41A602AB8EF9}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{B22C5390-4F61-4E0A-877E-0B3532393379}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{A33B5EA6-1674-4770-AF0D-54AD1EA085FC}"= UDP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{7D71E2D7-BE5B-4678-8B46-229A5ED5E4D3}"= TCP:c:\program files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:Killing Floor
"{603F660E-D48B-4C35-8046-CFC33E7DC848}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{54CF5577-8192-4207-A4DD-0C5748C0AE08}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\left4dead.exe:Left 4 Dead
"{46C73590-1384-466C-8C57-52A8631B6B52}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service
"{7FAF02F8-3CA2-4695-A65F-16F401713F73}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/27/2009 9:10 AM 114768]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [12/27/2008 4:24 PM 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/27/2009 9:10 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/27/2009 9:10 AM 51792]
R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [9/3/2006 11:32 AM 208896]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [1/19/2009 5:01 PM 279960]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [1/19/2009 5:02 PM 38296]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 12:43 PM 204800]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\System32\drivers\PCTAppEvent.sys [12/27/2008 4:24 PM 73840]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [12/27/2008 4:23 PM 95640]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [12/19/2007 1:09 AM 21920]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [5/10/2006 10:13 AM 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\User_Feed_Synchronization-{B213D993-DC23-4111-ACBE-1D2D4BE08E56}.job
- c:\windows\system32\msfeedssync.exe [2009-06-25 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg2.mail.yahoo.com/dc/launch?.rand=39gnl8arvsmpe
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {1503B5E1-0606-4960-A098-F98B5435B4C5} = 192.168.0.1,192.168.0.40
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\
FF - prefs.js: browser.search.selectedEngine - swagbucks.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\snxcrt6m.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 14:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-543014975-2786251972-929394339-1001\Software\SecuROM\License information*]
"datasecu"=hex:13,d3,cb,18,f9,40,45,5d,c7,3b,d9,f4,2c,74,df,c0,4c,26,4b,16,4a,
1e,be,66,c3,94,24,32,3a,a3,5e,fa,6a,16,14,ba,9e,55,96,67,ad,ea,db,8f,37,f4,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(11056)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\libaprutil_tsvn.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\java.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-07-21 14:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-21 21:37
ComboFix2.txt 2009-06-25 14:10

Pre-Run: 243,266,498,560 bytes free
Post-Run: 244,003,663,872 bytes free

423 --- E O F --- 2009-07-20 19:48
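The firewall section of the log above is worth a second look even though the scanners come back clean: EnableFirewall is 0 for both the Public and Standard profiles, and several inbound allow rules point at executables under the user's own profile (the Dyyno dppm.exe rules under appdata\locallow). The firewall being off is consistent with the third-party PC Tools Firewall Plus (FWService.exe in the process list) being in charge rather than a sign of tampering, but it is the kind of thing to confirm rather than assume. What follows is an added example, not code from this thread or from ComboFix: a small Python triage script that parses the two rule formats ComboFix prints (program rules and port rules) plus the per-profile EnableFirewall value and lists what to check first. The sample text is a constructed excerpt of the log lines above; the set of path markers treated as user-writable is an assumption of the example.

```python
r"""Triage the firewall section of a ComboFix log.

Added example, not code from the thread or from ComboFix. It understands
the three things ComboFix prints for the Vista firewall policy: program
rules ("...= TCP:<path>:<name>"), port rules ("...= UDP:<port>:<name>")
and the per-profile "EnableFirewall" value, and reports what a responder
checks first: profiles with the firewall off, inbound allows for
executables under user-writable paths, and open inbound ports.
"""
import re

# Constructed excerpt of the ComboFix output posted in this thread.
SAMPLE_LOG = r'''
"TCP Query User{6E96FEE7-9D31-4D63-AE0C-9DA3324C6C31}c:\\users\\tommy\\appdata\\locallow\\dyyno receiver\\dppm.exe"= UDP:c:\users\tommy\appdata\locallow\dyyno receiver\dppm.exe:dppm.exe
"UDP Query User{9D62AA00-2B7A-41C7-B058-170028043D0E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{18989265-632D-4C15-827E-449A8A123A03}"= UDP:80:ps3 port1
"{099F491E-762C-433F-A971-BB709C108978}"= TCP:3478:ps3 port 4
"{15764F90-286C-4A8F-A7AB-3BF426DE956D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

# "<key>"= <TCP|UDP>:<port or path>:<display name>
RULE_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<proto>TCP|UDP):(?P<rest>.+)$')
# [HKLM\~\...\firewallpolicy\<ProfileName>]
PROFILE_RE = re.compile(
    r'^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(?P<profile>\w+)\]$',
    re.IGNORECASE)
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')

# Locations a standard user can write to; an inbound allow for a binary
# living here deserves a look. This list is an assumption of the example.
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\temp\\', '\\programdata\\')


def parse_firewall_section(text):
    """Return profiles (name -> enabled), program rules and port rules."""
    profiles, program_rules, port_rules = {}, [], []
    current_profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROFILE_RE.match(line)
        if m:
            current_profile = m.group('profile')
            continue
        m = ENABLE_RE.match(line)
        if m and current_profile:
            profiles[current_profile] = m.group('value') == '1'
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        # The path itself contains "c:", so split on the LAST colon only.
        target, name = m.group('rest').rsplit(':', 1)
        rule = {'proto': m.group('proto'), 'name': name.strip()}
        if target.isdigit():
            rule['port'] = int(target)
            port_rules.append(rule)
        else:
            rule['path'] = target.lower()
            program_rules.append(rule)
    return {'profiles': profiles, 'program_rules': program_rules,
            'port_rules': port_rules}


def triage(parsed):
    """List the findings a responder would confirm first."""
    findings = []
    for profile, enabled in sorted(parsed['profiles'].items()):
        if not enabled:
            findings.append(f'Windows Firewall is OFF for {profile}')
    for rule in parsed['program_rules']:
        if any(marker in rule['path'] for marker in USER_WRITABLE):
            findings.append(f"inbound {rule['proto']} allow for user-writable "
                            f"path: {rule['path']}")
    for rule in parsed['port_rules']:
        findings.append(f"inbound {rule['proto']} port {rule['port']} open "
                        f"({rule['name']})")
    return findings


def main():
    parsed = parse_firewall_section(SAMPLE_LOG)
    print(f"{len(parsed['program_rules'])} program rules, "
          f"{len(parsed['port_rules'])} port rules")
    for finding in triage(parsed):
        print(' -', finding)


if __name__ == '__main__':
    main()
```

On the full log the same script also lists the PS3 port-forward rules (UDP 80, 443, 5223; TCP 3478, 3479, 3658) and the Kodak EKDiscovery and DHCP entries; none of that is evidence of compromise on its own, but a disabled firewall plus inbound allows for binaries under AppData is exactly the combination to verify by hand before declaring a log clean.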

#11 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:43 PM

Posted 24 July 2009 - 11:50 AM

Hi kenai,

Sorry to keep you, I was just checking something out on your log.

It seems fine so let's run an online scanner.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks
m0le is a proud member of UNITE

#12 Kenai

  • Topic Starter

  • Members
  • 77 posts
  • Local time:01:43 PM

Posted 24 July 2009 - 01:50 PM

Problem with the download or the website. Either it's extremely busy or they don't keep good maintenance of their servers, because I was downloading at between 1.1-5.5 kbs and it just stopped downloading randomly.

Same problem on Internet Explorer; it loads extremely slowly.

Edited by Kenai, 24 July 2009 - 01:51 PM.


#13 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:43 PM

Posted 24 July 2009 - 02:13 PM

Okay, let's try BitDefender.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

m0le is a proud member of UNITE

#14 Kenai

  • Topic Starter

  • Members
  • 77 posts
  • Local time:01:43 PM

Posted 26 July 2009 - 03:09 PM

BitDefender said it didn't find anything, but there was no button to click to export the scan results.

#15 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:09:43 PM

Posted 26 July 2009 - 03:47 PM

Hi kenai,

It doesn't look like a malware issue to me.

It might be worth running a system scan.


Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'.

Type sfc /scannow and press Enter.

Please post back with the results.
m0le is a proud member of UNITE
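The sfc /scannow step above prints only a one-line verdict on the console; the detail lives in C:\Windows\Logs\CBS\CBS.log, where System File Checker tags its own entries with [SR]. Microsoft's documented way to pull those entries out is findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log run from the same elevated prompt. The following is an added example, not part of this thread: a Python script that reads the [SR] lines from CBS.log and reports which files were repaired and which could not be, so the result can be posted back without the rest of the log. The sample input is a constructed CBS.log excerpt and its file names are placeholders, not files from the poster's machine.

```python
r"""Summarize System File Checker (sfc /scannow) results from CBS.log.

Added example, not code from the thread. sfc writes its detail to
%windir%\Logs\CBS\CBS.log and prefixes its own entries with "[SR]".
This script extracts those entries and reports repaired and
unrepairable files. Run it against the real log from an elevated
prompt with:

    python sfc_summary.py C:\Windows\Logs\CBS\CBS.log

With no argument it runs on the constructed sample below; the file
names there are placeholders.
"""
import re
import sys

# Constructed CBS.log excerpt in the layout sfc uses (timestamp, level,
# component, sequence number, "[SR]" message). Placeholder file names.
SAMPLE_CBS_LOG = r'''
2009-07-26 15:40:01, Info                  CSI    00000008 [SR] Verifying 100 (0x00000064) components
2009-07-26 15:40:01, Info                  CSI    00000009 [SR] Beginning Verify and Repair transaction
2009-07-26 15:40:05, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example.dll" of Example-Component, Version = 6.0.6001.18000, hash mismatch
2009-07-26 15:40:06, Info                  CSI    0000000d [SR] Repairing corrupted file [ml:520{260},l:62{31}]"\??\C:\Windows\System32"\[l:18{9}]"other.dll" from store
2009-07-26 15:41:00, Info                  CSI    00000010 [SR] Verify complete
'''

# Only lines carrying an [SR] tag belong to sfc; everything else in
# CBS.log is servicing noise from Windows Update and friends.
SR_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), .*?\[SR\] (?P<msg>.*)$')
# First quoted token that is a bare file name (no backslashes), which
# skips the quoted directory that precedes the name on "Repairing" lines.
FILE_RE = re.compile(r'"(?P<file>[^"\\]+)"')


def summarize_sfc(log_text):
    """Collect repaired / unrepairable file names and completion state."""
    summary = {'sr_lines': 0, 'cannot_repair': [], 'repaired': [],
               'verify_complete': False}
    for line in log_text.splitlines():
        m = SR_RE.match(line)
        if not m:
            continue
        summary['sr_lines'] += 1
        msg = m.group('msg')
        fm = FILE_RE.search(msg)
        fname = fm.group('file') if fm else None
        if msg.startswith('Cannot repair member file'):
            # sfc repeats this for every verification pass; keep one entry.
            if fname and fname not in summary['cannot_repair']:
                summary['cannot_repair'].append(fname)
        elif msg.startswith('Repairing corrupted file'):
            if fname and fname not in summary['repaired']:
                summary['repaired'].append(fname)
        elif msg.startswith('Verify complete'):
            summary['verify_complete'] = True
    return summary


def verdict(summary):
    """One-line reading of the summary, in the order that matters."""
    if not summary['verify_complete']:
        return 'sfc did not finish; rerun it or check CBS.log for errors'
    if summary['cannot_repair']:
        return ('sfc found files it could not repair: '
                + ', '.join(summary['cannot_repair']))
    if summary['repaired']:
        return 'sfc repaired files: ' + ', '.join(summary['repaired'])
    return 'sfc found no integrity violations'


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding='utf-8', errors='replace') as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS_LOG
    summary = summarize_sfc(text)
    print(f"[SR] lines: {summary['sr_lines']}")
    print(verdict(summary))


if __name__ == '__main__':
    main(sys.argv)
```

A "Cannot repair" result is the case that needs follow-up: on Vista the usual next step is to supply the file from install media, since DISM's component-store repair only exists on later Windows versions.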



