Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirects


  • Please log in to reply
6 replies to this topic

#1 benhrei

benhrei

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 21 August 2009 - 08:44 PM

Please help me out:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Esther at 23:42:11.82 on Thu 08/20/2009
Internet Explorer: 8.0.6001.18813
MicrosoftĂ Windows Vista˘ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1458 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\lxcicoms.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\lxdwcoms.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SMINST\BLService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Esther\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1C495SLK\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [lxdwmon.exe] "c:\program files\lexmark 7600 series\lxdwmon.exe"
mRun: [lxdwamon] "c:\program files\lexmark 7600 series\lxdwamon.exe"
mRun: [Lexmark 7600 Series Fax Server] "c:\program files\lexmark 7600 series\fm3032.exe" /s
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} - hxxp://pogo.oberon-media.com/online2/pogo/wedding_dash/WeddingDash.1.0.0.47.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-14 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-19 101936]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S2 gupdate1c9fc04c87b728e;Google Update Service (gupdate1c9fc04c87b728e);c:\program files\google\update\GoogleUpdate.exe [2009-7-3 133104]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdwserv.exe [2008-5-16 98984]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]

=============== Created Last 30 ================

2009-08-18 14:21 <DIR> --d----- c:\program files\CCleaner
2009-08-13 19:19 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-13 19:19 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-13 19:19 270,848 a------- c:\windows\system32\schannel.dll
2009-08-13 19:19 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-13 19:19 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-13 19:19 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 19:19 72,704 a------- c:\windows\system32\secur32.dll
2009-08-13 19:19 9,728 a------- c:\windows\system32\lsass.exe
2009-08-11 16:48 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-11 16:48 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-11 16:48 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-11 16:48 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-11 16:48 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-11 16:48 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-11 16:48 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-11 16:48 71,680 a------- c:\windows\system32\atl.dll
2009-08-11 16:48 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-11 16:48 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-11 16:48 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-11 08:34 <DIR> --d----- c:\windows\system32\eu-ES
2009-08-11 08:34 <DIR> --d----- c:\windows\system32\ca-ES
2009-08-11 08:34 <DIR> --d----- c:\windows\system32\vi-VN
2009-08-11 08:07 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-10 23:03 <DIR> --d----- c:\programdata\PICTUREKA! MUSEUM MAYHEM
2009-08-10 23:03 <DIR> --d----- c:\progra~2\PICTUREKA! MUSEUM MAYHEM
2009-08-10 23:02 <DIR> --d----- c:\users\esther\appdata\roaming\Pogo Games
2009-08-10 22:42 <DIR> --d----- c:\program files\Oberon Media
2009-08-04 17:10 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-08-04 17:10 3,408,896 a------- c:\windows\system32\SLsvc.exe
2009-08-04 17:10 1,081,344 a------- c:\windows\system32\SLCExt.dll
2009-08-04 17:10 2,134,528 a------- c:\windows\system32\FunctionDiscoveryFolder.dll
2009-08-04 17:10 65,536 a------- c:\windows\system32\DevicePairingWizard.exe
2009-08-04 17:10 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-08-04 17:10 1,480,704 a------- c:\windows\system32\mssrch.dll
2009-08-04 17:08 527,848 a------- c:\windows\system32\drivers\ndis.sys
2009-08-04 17:07 247,808 a------- c:\windows\system32\drvstore.dll

==================== Find3M ====================

2009-08-11 09:08 86,016 a------- c:\windows\inf\infstor.dat
2009-08-11 09:08 51,200 a------- c:\windows\inf\infpub.dat
2009-08-11 09:08 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-11 08:34 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-03 12:43 56 a---h--- c:\programdata\ezsidmv.dat
2009-07-03 12:43 56 a---h--- c:\progra~2\ezsidmv.dat
2009-06-15 09:53 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 09:52 23,552 a------- c:\windows\system32\lpk.dll
2009-06-15 09:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 09:51 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 07:42 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-02 11:11 85,504 a------- c:\windows\system32\ff_vfw.dll
2009-05-29 16:37 205,824 a------- c:\windows\system32\xvidvfw.dll
2009-05-29 16:31 881,664 a------- c:\windows\system32\xvidcore.dll
2008-01-20 21:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:43:30.40 ===============

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/20 23:52
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x9016C000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x90177000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal[1].sys
Image Path: C:\Windows\system32\drivers\rootrepeal[1].sys
Address: 0xB05ED000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Windows\System32\kbiwkmmqpfdqvt.dat
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmocnlxooi.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmppxrpytn.dll
Status: Invisible to the Windows API!

Path: C:\Windows\System32\kbiwkmuunctoav.dat
Status: Invisible to the Windows API!

Path: C:\Windows\Temp\kbiwkmiqnyeopuol.tmp
Status: Invisible to the Windows API!

Path: C:\Windows\ehome\EHEXTH~1.CON
Status: Locked to the Windows API!

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\System32\drivers\kbiwkmecvqkvit.sys
Status: Invisible to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsass.exe.01ca1d0cabb7f7f0.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.lsass.exe.01ca1d0cabb7f7f0.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18185_none_0b1847174f5614f7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22331_none_0bd3f43c684ec0d7\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18005_none_0d553c2b4c3b84e1\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18000_none_3acd4b177cb513c9\$$DeleteMe.wdigest.dll.01ca1d0cabe06f50.0003
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18005_none_7e9e65df5fac8e64\$$DeleteMe.msv1_0.dll.01ca1d0cabe9f4d0.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.18111_none_75c874a9a137a5f0\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.0.6002.18005_none_ae1c8b4b8d1614c8\PRESEN~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.16720_none_62b207ce0c996d96\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.20883_none_4bea1e72263bb289\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.18111_none_628cec840ceb7a37\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.22230_none_4bc15d202690f34a\SETUPA~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.18111_none_aec031a01914d723\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\ASPX_F~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\DESELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\GRADIE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\HEADER~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\REQUIR~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SECURI~1.JPG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\SELECT~3.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~1.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6001.22230_none_97f4a23c32ba5036\UNSELE~2.GIF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e101494a280d4e0b\WED669~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WEBADM~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ca395fee41af92fe\WED669~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\NAVIGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_locres_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e0dc2e00285f5aac\WEBADM~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webaProcesses
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1088 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: kbiwkmppxrpytn.dll]
Process: svchost.exe (PID: 748) Address: 0x10000000 Size: 53248

Object: Hidden Module [Name: kbiwkmocnlxooi.dll]
Process: Explorer.EXE (PID: 208) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 5084) Address: 0x613d0000 Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8064.0206.dll]
Process: msnmsgr.exe (PID: 5084) Address: 0x64640000 Size: 315392

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 5084) Address: 0x73e00000 Size: 20480

Object: Hidden Module [Name: kbiwkmocnlxooi.dll]
Process: iexplore.exe (PID: 5844) Address: 0x10000000 Size: 28672

Object: Hidden Module [Name: kbiwkmocnlxooi.dll]
Process: iexplore.exe (PID: 1096) Address: 0x10000000 Size: 28672

Hidden Services
-------------------
Service Name: kbiwkmhirbxetc
Image Path: C:\Windows\system32\drivers\kbiwkmecvqkvit.sys

Shadow SSDT
-------------------
#: 397 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "<unknown>" at address 0x85069138

==EOF==



Thanks!

BC AdBot (Login to Remove)

 


#2 benhrei

benhrei
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 24 August 2009 - 11:26 PM

Can anyone help?

#3 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:16 AM

Posted 02 September 2009 - 06:59 PM

hi,

Sorry for delay. Your log is several days old. If you still need help reply to my post.

How Can I Reduce My Risk to Malware?


#4 benhrei

benhrei
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 02 September 2009 - 08:21 PM

Yes, help please.

#5 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:16 AM

Posted 03 September 2009 - 04:02 AM

ok we will start with combofix. There is a short guide to read first which will explain a few things. Read the guide, download combofix to your desktop but before saving it rename it to combo-fix then save it to your desktop. Disable any AV etc as explained in the guide, double click the combofix icon on your desktop and follow the prompts. Post the log in your reply.

Guide to using Combofix

How Can I Reduce My Risk to Malware?


#6 benhrei

benhrei
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:05:16 AM

Posted 14 September 2009 - 08:32 PM

Sorry for the delay, I think I did it right...

ComboFix 09-09-14.02 - Esther 09/14/2009 19:34.1.2 - NTFSx86
MicrosoftĂ Windows Vista˘ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1773 [GMT -5:00]
Running from: c:\users\Esther\Documents\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2819002435-850761837-2018973860-500
c:\$recycle.bin\S-1-5-21-3118883056-716273396-3620578844-500
c:\windows\Installer\26216.msi
c:\windows\Installer\2621a.msi
c:\windows\Installer\2621e.msi
c:\windows\Installer\26222.msi
c:\windows\Installer\26226.msi
c:\windows\Installer\2622e.msi
c:\windows\Installer\292ae4.msi
c:\windows\system32\drivers\kbiwkmecvqkvit.sys
c:\windows\system32\kbiwkmmqpfdqvt.dat
c:\windows\system32\kbiwkmuunctoav.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmhirbxetc
-------\Service_kbiwkmhirbxetc


((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-15 00:40 . 2009-09-15 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-15 00:17 . 2009-09-15 00:17 -------- d-----w- c:\programdata\RegCure
2009-09-15 00:17 . 2009-09-15 00:17 -------- d-----w- c:\program files\RegCure
2009-09-09 15:54 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 15:54 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 15:54 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 15:54 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 15:54 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 15:54 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 15:54 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 15:54 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 15:54 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 15:54 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 15:54 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-09 15:53 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 15:53 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 15:53 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 15:53 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 15:53 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-09 15:53 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-02 21:11 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:11 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-26 14:55 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-21 05:54 . 2009-08-24 16:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-21 05:54 . 2009-08-21 05:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-18 19:21 . 2009-08-18 19:21 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 00:41 . 2009-07-03 17:36 -------- d-----w- c:\users\Esther\AppData\Roaming\Skype
2009-09-15 00:08 . 2009-05-18 15:38 -------- d-----w- c:\users\Esther\AppData\Roaming\EndNote
2009-09-15 00:07 . 2009-04-16 23:02 -------- d-----w- c:\programdata\Lx_cats
2009-09-15 00:02 . 2009-07-03 17:43 -------- d-----w- c:\users\Esther\AppData\Roaming\skypePM
2009-09-11 16:54 . 2009-07-13 20:23 -------- d-----w- c:\program files\Lx_cats
2009-09-10 18:21 . 2008-10-23 10:52 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 16:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 16:03 . 2008-10-23 10:38 -------- d-----w- c:\programdata\Microsoft Help
2009-09-10 01:13 . 2009-04-17 15:07 -------- d-----w- c:\users\Esther\AppData\Roaming\7600 Series
2009-09-05 01:02 . 2008-10-23 10:53 -------- d-----w- c:\program files\Java
2009-08-31 04:35 . 2009-05-19 19:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-28 19:06 . 2009-08-28 19:06 -------- d-----w- c:\program files\TBS
2009-08-11 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-11 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-11 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-11 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-11 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-11 13:36 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-11 04:03 . 2009-08-11 04:03 -------- d-----w- c:\programdata\PICTUREKA! MUSEUM MAYHEM
2009-08-11 04:02 . 2009-08-11 04:02 -------- d-----w- c:\users\Esther\AppData\Roaming\Pogo Games
2009-08-11 03:42 . 2009-08-11 03:42 -------- d-----w- c:\program files\Oberon Media
2009-07-31 14:54 . 2009-03-16 22:21 6648 ----a-w- c:\users\Esther\AppData\Local\d3d9caps.dat
2009-07-25 10:23 . 2009-03-15 03:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 21:58 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 21:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 21:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 21:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-11 21:48 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-11 21:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-11 21:48 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-11 21:48 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-11 21:48 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-03 17:43 . 2009-07-03 17:43 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-06-18 23:56 . 2009-03-15 03:36 106944 ----a-w- c:\users\Esther\AppData\Local\GDIPFONTCACHEV1.DAT
2008-10-23 10:05 . 2008-10-23 09:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-15 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"lxdwmon.exe"="c:\program files\Lexmark 7600 Series\lxdwmon.exe" [2008-09-10 676520]
"lxdwamon"="c:\program files\Lexmark 7600 Series\lxdwamon.exe" [2008-09-10 16040]
"Lexmark 7600 Series Fax Server"="c:\program files\Lexmark 7600 Series\fm3032.exe" [2008-09-10 311976]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-18 115560]
"LXCICATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll" [2006-11-21 106496]
"lxcimon.exe"="c:\program files\Lexmark 7300 Series\lxcimon.exe" [2007-05-11 205744]
"EzPrint"="c:\program files\Lexmark 7300 Series\ezprint.exe" [2007-05-11 103344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-17 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(:thumbup2::01,9d,3d,2c,8d,1a,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6488101D-70EA-4629-8042-C5282E5D84F6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{83766235-776A-44E7-A9D3-8B63EA8C4A18}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3053D97C-241E-4AC5-9170-CB3FF8399023}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{495C679E-8D46-4F55-BBCB-52389B30CDDA}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{F19B639B-0B62-47B4-B407-D6EECBA2C7DC}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{7B8CADF9-D198-4978-83A3-FE50A2436998}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{1DC48742-C92E-4242-AE8F-47003DA94931}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C9DAA7FB-BC3F-4391-8C97-75BCFC072B4A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2D0A2E3E-6D75-4653-B7D6-A22EE22AB243}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{30865E18-43CA-4AAA-BCBC-AE361CAFA891}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{10E853D8-A373-4E61-B6F9-08F0FA853D7A}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{D265E8FE-570C-447D-8554-FD9C5D501F4B}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{168FCBD3-F1CB-4D98-9F5F-8C4B7F58EAC4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{10C484DE-6509-413F-BADE-16ED9FB964D2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{952DC89B-C25D-4213-8D5E-C0FD0D9988BD}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C6BA76A8-02EA-48E6-8982-E7E92A5DAA3D}"= UDP:c:\windows\System32\lxdwcoms.exe:Lexmark Communications System
"{1396D006-1706-44E3-BCD3-B0C27CC95D2F}"= TCP:c:\windows\System32\lxdwcoms.exe:Lexmark Communications System
"{88877F1E-E9D0-419F-8118-B3DCD22C32EA}"= UDP:c:\program files\Lexmark 7600 Series\lxdwamon.exe:Lexmark Device Monitor
"{6D3C150B-3D04-4399-B032-2849D93B088B}"= TCP:c:\program files\Lexmark 7600 Series\lxdwamon.exe:Lexmark Device Monitor
"{113F8013-45B5-4311-BC9D-8AC131100F70}"= UDP:c:\program files\Lexmark 7600 Series\frun.exe:Lexmark Productivity Studio
"{D036791F-928B-4F2B-8BF6-B4375A95A93A}"= TCP:c:\program files\Lexmark 7600 Series\frun.exe:Lexmark Productivity Studio
"{4049B188-88C4-4E31-AD60-36383447494E}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{149DDB48-CD54-42C0-9C2C-FE3250ED30C6}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{8AC33363-600F-4066-8D73-0A165D444F49}"= UDP:c:\program files\Lexmark 7600 Series\lxdwfax.exe:Fax software
"{884737FB-6028-43DA-9B23-564EF4FA3494}"= TCP:c:\program files\Lexmark 7600 Series\lxdwfax.exe:Fax software
"TCP Query User{2121614B-2606-49E3-AC63-AFF72B19589D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{4740A170-292D-4AAC-847A-78B9E1E34B3A}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{745C588E-4B95-435B-814C-57F98AB73AC1}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{488973F9-8B51-4AE4-94BF-47B427FD0C4B}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{D1B81781-ACBD-480C-ACEA-51E33BC5E781}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{DC78AAB5-7134-4893-BC8A-CE660F9B0CC2}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{845A010A-4E10-4875-B1ED-009C71BCE8B6}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{70E812AB-D5D7-4F5D-AECD-DDE89687C9A8}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"TCP Query User{3F857071-4333-4CFE-A5E3-0704432C9800}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{78A70072-1FEC-4FD7-AEEF-8E7357B6BB60}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{92A34E1D-C8AC-4A5F-9E80-A34C9B97F7FD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C2B51B4F-BD85-49D3-A558-036C331EF5B7}"= UDP:c:\windows\System32\lxcicoms.exe:Lexmark Communications System
"{3EBFBA20-976F-4593-8078-4859DC2F9019}"= TCP:c:\windows\System32\lxcicoms.exe:Lexmark Communications System
"{1C8F262D-6AAC-4AE5-BAA5-75DD2A841DCE}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxcipswx.exe:Printer Status Window
"{CCF0EF48-0518-4690-B076-DC0BC14D8D8E}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxcipswx.exe:Printer Status Window

R2 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe -service --> c:\windows\system32\lxdwcoms.exe -service [?]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [10/23/2008 5:56 AM 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [8/21/2009 12:54 AM 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/14/2009 11:34 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 9:20 PM 102448]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [6/29/2008 9:52 AM 112128]
S2 gupdate1c9fc04c87b728e;Google Update Service (gupdate1c9fc04c87b728e);c:\program files\Google\Update\GoogleUpdate.exe [7/3/2009 12:36 PM 133104]
S2 lxdwCATSCustConnectService;lxdwCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdwserv.exe [5/16/2008 10:32 AM 98984]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [11/18/2008 6:17 PM 23888]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/23/2008 4:55 AM 193840]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 17:36]

2009-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-03 17:36]

2009-09-15 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-15 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-15 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-15 c:\windows\Tasks\User_Feed_Synchronization-{AC12651E-E75C-4542-800F-E66D38DAF41D}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]

2009-09-15 c:\windows\Tasks\User_Feed_Synchronization-{F3D632C0-E5A6-4DF5-96CA-7B10E8CB924D}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Aim6 - (no file)
SafeBoot-Symantec Antvirus
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUNINST.EXE -fc:\program files\Adobe\Photoshop 7.0\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 19:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCICATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\System32\lxcicoms.exe
c:\windows\System32\lxdwcoms.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-15 19:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-15 00:47

Pre-Run: 243,179,573,248 bytes free
Post-Run: 242,751,016,960 bytes free

279 --- E O F --- 2009-09-14 16:19

#7 shelf life

shelf life

  • Malware Response Team
  • 2,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:06:16 AM

Posted 19 September 2009 - 10:00 AM

hi,

Sorry for delay, i stop looking for a response after so many days with out a reply.

we will get one more download that you can keep and use as a anti-malware solution:
Please download Malwarebytes to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

NOTE: The free version must be updated manually.

How Can I Reduce My Risk to Malware?





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users