Browser redirection, pop-ups and other strange behaviour


  • This topic is locked
13 replies to this topic

#1 sn0wman1

sn0wman1

  • Members
  • 8 posts

Posted 29 November 2009 - 06:59 AM

Hi people :(

I'm hoping that someone will be able to help me in tracking down the thing, which seems to be causing very strange behaviour with my PC.

IE 8 and Firefox are both prone to redirection when doing a Google search. If I cut n paste the intended link, the shortcut seems to be ok. But, if I click into a result, then I get pop-ups, typically to gambling sites but occasionally scareware.

I've been all over the PC with SAS, Malwarebytes, Windows Defender, AVG and F-Secure Blacklight. Everything appears clean. I'll then get a warning from AVG that malware has been detected. It doesn't give me the name of the software and is prone to blue screening with irql_not_less_or_equal errors when trying to get more info.

I'm also getting music/speech which sound like they're radio excerpts or commercials. This can happen (and frequently does) when there are no browser windows open.

Some software now refuses to launch. I've run scans both in normal mode and safe mode.

I've run DDS and have attached the results. I've tried running RootRepeal but it gets stuck under the file section. I'm not sure if it's useful but I've attached the RootRepeal log with everything except files.

The spec of this PC is a 2.4 GHz Intel Quad-Core with 3 GB RAM with fully patched Vista Home Premium. I'm using an entirely wireless network and other PCs and devices seem to be fine.

I suspect that there's a rogue service running, but lack the expertise to find this by myself.

I suspect that AVG Internet Security (Version 9) on this machine may be in error. As although I see that all systems are go, I'm unable to get into the firewall configuration.

Thanks in advance for any help which you may be able to give me with this.

DDS.TXT follows:


DDS (Ver_09-11-24.02) - NTFSx86
Run by Paul at 1:52:04.26 on 28/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1274 [GMT 0:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\SAgent4.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Users\Paul\Downloads\AnyTrialControl.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_rice_6.17_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.07_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.06_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.06_windows_intelx86
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2c\RpcAgentSrv.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paul\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [Power2GoExpress]
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [EPSON Stylus SX600FW(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatieke.exe /fu "c:\windows\temp\E_S48D6.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVDtray.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729)" -"http://news.bbc.co.uk/sport1/hi/football/fa_cup/virtual_replay/6139130.stm?goalid=500440"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [JMB36X IDE Setup] "c:\windows\raidtool\xInsIDE.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [BugSoft AnyTrial] "c:\users\paul\downloads\AnyTrialControl.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
uPolicies-explorer: LegacyDrive = 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
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - hxxp://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {73EE7656-200E-44B0-BB16-1C98C32DEECF} = 208.67.222.222,208.67.220.220
TCP: {A724F681-C879-4F0E-B950-6043A9A13612} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 7 c - A 0 4 D - 4 5 B D 6 8 3 8 5 1 A 9 : 1 3 0 . 6 7 6 . 1 1 2 7 7 4 M S G : a C I Z s H v / H C u 6 r U T G 8 8 n l D P K b U x S 7 y k q p / G N A v o V G k l i 0 t x S W F I 0 0 =

================= FIREFOX ===================
FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\wd319ilr.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
============= SERVICES / DRIVERS ===============
R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2009-11-3 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-3 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-11-3 24856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-17 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-3 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 74480]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/28 15:50:34];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-3 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-11-10 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-3 5832712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-15 47640]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business xii.sp2c\RpcAgentSrv.exe [2008-8-8 98488]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-3-18 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-2-18 604488]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2009-11-3 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2009-11-3 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2009-11-3 27800]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S2 AnyTrial;BugSoft AnyTrial;c:\windows\anytrial.exe --> c:\windows\AnyTrial.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-7 21504]
S3 FXDrv32;FXDrv32;c:\program files\foxconn\fox liveupdate\FXDrv32.sys [2008-8-8 23872]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-2-28 13224]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-2-28 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-2-28 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-2-28 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-2-28 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-2-28 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-2-28 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-2-28 117672]
S4 NFService;Fastream IQ Web/FTP Server;c:\progra~1\fastre~1\IQWebFTPServerEngine.exe [2008-2-22 3180544]
=============== Created Last 30 ================
2009-11-27 18:16:53 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-27 07:37:12 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 07:35:02 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 07:35:02 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 06:35:31 0 d-sh--w- C:\found.000
2009-11-15 01:55:16 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-15 01:54:58 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-15 01:54:51 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-15 01:54:51 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-14 16:27:46 0 d-----w- c:\users\paul\appdata\roaming\AVG9
2009-11-13 19:06:15 0 d-----w- c:\program files\Machinarium
2009-11-13 18:44:32 0 d-----w- C:\df3a42ce538ada2e07f55cf70b2d8690
2009-11-13 18:20:51 0 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-11 22:05:44 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 22:05:39 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 19:17:47 20 ----a-w- c:\windows\system32\SYSTEM
2009-11-08 15:05:57 0 d-----w- c:\program files\iPod
2009-11-03 18:47:37 0 d--h--w- C:\$AVG
2009-11-03 18:47:20 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2009-11-03 18:47:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-03 18:47:19 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-03 18:46:25 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-03 18:46:20 0 d-----w- c:\programdata\avg9
2009-11-03 05:28:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-01 11:06:19 0 d-----w- c:\program files\ESET
2009-10-30 07:38:51 0 d-----w- c:\program files\Windows Portable Devices
2009-10-30 07:38:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-30 07:38:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-30 07:36:47 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
==================== Find3M ====================
2009-11-24 13:21:46 71910 ----a-w- c:\programdata\nvModes.dat
2009-11-13 18:48:44 35 ----a-w- c:\users\paul\appdata\roaming\SetValue.bat
2009-11-13 18:48:43 691 ----a-w- c:\users\paul\appdata\roaming\GetValue.vbs
2009-11-13 18:48:42 3700 ----a-w- c:\windows\system32\tmp.reg
2009-11-13 18:28:17 86016 ----a-w- c:\windows\inf\infpub.dat
2009-11-13 18:28:17 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-13 18:28:16 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-03 18:47:26 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-03 18:47:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-30 07:38:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-27 11:29:55 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 18:12:03 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-10-01 18:12:03 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 18:12:03 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 09:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-27 23:12:22 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 23:12:22 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-09-27 23:12:22 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 23:12:22 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 23:12:22 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 23:12:22 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 23:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 23:12:22 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 23:12:22 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 17:47:30 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:47:00 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:47:00 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-27 17:47:00 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:47:00 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:47:00 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:47:00 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 17:47:00 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:47:00 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 17:47:00 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:46:00 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:46:00 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-16 02:51:38 16384 ----a-w- c:\windows\system32\msdrve.dll
2009-09-16 02:51:37 10816 ----a-w- c:\windows\vmoptver.dll
2009-09-11 18:49:16 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-09-11 18:49:09 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59:26 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58:28 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-10 10:21:44 8520 ----a-w- c:\windows\system32\ractrlkeyhook.dll
2009-09-10 02:01:02 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-09-10 02:00:54 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-09-10 02:00:36 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-09-07 18:12:06 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-07 18:12:06 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2008-04-07 14:13:59 174 --sha-w- c:\program files\desktop.ini
2007-08-18 15:28:57 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2008-01-12 13:46:20 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2007-12-05 08:52:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007120520071206\index.dat
2007-12-06 08:52:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007120620071207\index.dat
2008-01-12 13:46:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008011220080113\index.dat
2007-12-06 08:52:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\userdata\index.dat
2007-03-07 12:54:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 1:54:18.65 ===============


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 10 December 2009 - 03:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Shannon

#3 sn0wman1

sn0wman1
  • Topic Starter

  • Members
  • 8 posts

Posted 11 December 2009 - 08:30 PM

Hi Shannon,

Please see below (and in the attached) for the Output from DDS. The situation is pretty much the same as when I first posted. The only thing which I also notice is that IE will give the options as though the browser had had a dirty shutdown (go to homepage or resume last session) when the browser is started.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Paul at 1:17:44.94 on 12/12/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.1740 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\SAgent4.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Users\Paul\Downloads\AnyTrialControl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2c\RpcAgentSrv.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Spotify\spotify.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.07_windows_intelx86
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.03_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.07_windows_intelx86
C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.06_windows_intelx86
C:\Users\Paul\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - Google Toolbar Notifier BHO
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [Power2GoExpress]
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [EPSON Stylus SX600FW(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatieke.exe /fu "c:\windows\temp\E_S48D6.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVDtray.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30729)" -"http://news.bbc.co.uk/sport1/hi/football/fa_cup/virtual_replay/6139130.stm?goalid=500440"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [JMB36X IDE Setup] "c:\windows\raidtool\xInsIDE.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [BugSoft AnyTrial] "c:\users\paul\downloads\AnyTrialControl.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
StartupFolder: c:\users\paul\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
uPolicies-explorer: LegacyDrive = 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
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {73EE7656-200E-44B0-BB16-1C98C32DEECF} = 208.67.222.222,208.67.220.220
TCP: {A724F681-C879-4F0E-B950-6043A9A13612} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 7 c - A 0 4 D - 4 5 B D 6 8 3 8 5 1 A 9 : 1 3 0 . 6 7 6 . 1 1 2 7 7 4 M S G : a C I Z s H v / H C u 6 r U T G 8 8 n l D P K b U x S 7 y k q p / G N A v o V G k l i 0 t x S W F I 0 0 =


================= FIREFOX ===================

FF - ProfilePath - c:\users\paul\appdata\roaming\mozilla\firefox\profiles\wd319ilr.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2009-11-3 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-11-3 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-11-3 24856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-17 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-17 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-3 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 74480]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/28 15:50:34];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-3 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-11-10 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-11-3 5832712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-15 47640]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business xii.sp2c\RpcAgentSrv.exe [2008-8-8 98488]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-8-17 239648]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-3-18 92008]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2009-11-3 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2009-11-3 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2009-11-3 27800]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S2 AnyTrial;BugSoft AnyTrial;c:\windows\anytrial.exe --> c:\windows\AnyTrial.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-7 21504]
S3 FXDrv32;FXDrv32;c:\program files\foxconn\fox liveupdate\FXDrv32.sys [2008-8-8 23872]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-2-28 13224]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-2-28 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-2-28 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-2-28 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-2-28 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-2-28 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-2-28 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-2-28 117672]
S4 NFService;Fastream IQ Web/FTP Server;c:\progra~1\fastre~1\IQWebFTPServerEngine.exe [2008-2-22 3180544]

=============== Created Last 30 ================

2009-12-05 02:11:45 314567140 ----a-w- c:\windows\MEMORY.DMP
2009-11-27 18:16:53 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-27 07:37:12 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 07:35:02 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 07:35:02 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 06:35:31 0 d-sh--w- C:\found.000
2009-11-15 01:55:16 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-15 01:54:58 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-15 01:54:51 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-15 01:54:51 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-14 16:27:46 0 d-----w- c:\users\paul\appdata\roaming\AVG9
2009-11-13 19:06:15 0 d-----w- c:\program files\Machinarium
2009-11-13 18:44:32 0 d-----w- C:\df3a42ce538ada2e07f55cf70b2d8690
2009-11-13 18:20:51 0 d-----w- c:\program files\Microsoft Office Outlook Connector

==================== Find3M ====================

2009-12-03 16:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 13:21:46 71910 ----a-w- c:\programdata\nvModes.dat
2009-11-13 18:48:44 35 ----a-w- c:\users\paul\appdata\roaming\SetValue.bat
2009-11-13 18:48:43 691 ----a-w- c:\users\paul\appdata\roaming\GetValue.vbs
2009-11-13 18:48:42 3700 ----a-w- c:\windows\system32\tmp.reg
2009-11-13 18:28:17 86016 ----a-w- c:\windows\inf\infpub.dat
2009-11-13 18:28:17 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-13 18:28:16 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-10 09:31:38 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-03 18:47:26 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-03 18:47:20 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2009-11-03 18:47:20 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 18:47:19 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-03 18:46:25 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 07:38:38 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-30 07:38:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-30 07:38:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-27 11:29:55 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-10-26 21:21:40 16384 ----a-w- c:\windows\system32\msdrve.dll
2009-10-26 21:21:40 10816 ----a-w- c:\windows\vmoptver.dll
2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 18:12:03 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-10-01 18:12:03 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 18:12:03 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-27 23:12:22 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 23:12:22 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-09-27 23:12:22 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 23:12:22 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 23:12:22 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 23:12:22 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 23:12:22 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 23:12:22 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 23:12:22 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 23:12:22 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 17:47:30 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:47:00 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:47:00 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-27 17:47:00 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:47:00 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:47:00 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:47:00 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 17:47:00 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:47:00 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 17:47:00 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:46:00 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-09-27 17:46:00 13949544 ----a-w- c:\windows\system32\nvcpl.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2008-04-07 14:13:59 174 --sha-w- c:\program files\desktop.ini
2007-08-18 15:28:57 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2008-01-12 13:46:20 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2007-12-05 08:52:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007120520071206\index.dat
2007-12-06 08:52:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012007120620071207\index.dat
2008-01-12 13:46:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008011220080113\index.dat
2007-12-06 08:52:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\userdata\index.dat
2007-03-07 12:54:46 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 1:19:12.64 ===============

Attached Files
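As an added illustration (not part of the thread, and not a DDS feature), the sketch below parses a few lines excerpted from the log posted above and lists the entries a reviewer would usually check by hand first. The rule names and the `triage` and `image_path` helpers are hypothetical, and reading `TCP:` lines as per-interface DNS server settings is an assumption about the DDS format.

```python
import re

# Lines excerpted from the DDS log posted above (not the full log).
SAMPLE = r"""
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [BugSoft AnyTrial] "c:\users\paul\downloads\AnyTrialControl.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mPolicies-system: EnableLUA = 0 (0x0)
TCP: {73EE7656-200E-44B0-BB16-1C98C32DEECF} = 208.67.222.222,208.67.220.220
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/28 15:50:34];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-3 285392]
S2 AnyTrial;BugSoft AnyTrial;c:\windows\anytrial.exe --> c:\windows\AnyTrial.exe [?]
"""

RUN_RE = re.compile(r'^([umd])Run(Once)?: \[([^\]]+)\]\s*(.*)$')
POLICY_RE = re.compile(r'^([um])Policies-(\w+): (\w+) = (\S+)')
TCP_RE = re.compile(r'^TCP: (\{[0-9A-Fa-f-]+\}) = (.+)$')
# State+start type, service name, display name, image path, [date size] or [?].
# The display name may itself contain a bracketed timestamp, so the metadata
# group is anchored to the end of the line.
SVC_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$')

# Directories a standard user can usually write to (review heuristic only).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")

# Policy values that switch a protection off. EnableLUA = 0 disables UAC.
WEAK_POLICIES = {"EnableLUA": ("0", "UAC (Admin Approval Mode) is turned off")}


def image_path(command):
    """Return the executable part of an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = re.match(r'(.+?\.(?:exe|scr|bat|cmd|com))(?:\s|$)', command, re.I)
    return m.group(1) if m else command


def triage(log_text):
    """Return (kind, name, detail) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name, path = m.group(3), image_path(m.group(4))
            if any(d in path.lower() for d in USER_WRITABLE):
                findings.append(("autorun-user-writable", name, path))
            continue
        m = POLICY_RE.match(line)
        if m:
            value_name, value = m.group(3), m.group(4)
            weak = WEAK_POLICIES.get(value_name)
            if weak and value == weak[0]:
                findings.append(("policy-weakened", value_name, weak[1]))
            continue
        m = TCP_RE.match(line)
        if m:
            # Assumed meaning: statically configured DNS servers for one
            # interface. Listed so the addresses can be checked by hand.
            findings.append(("static-dns", m.group(1), m.group(2)))
            continue
        m = SVC_RE.match(line)
        if m and m.group(6).strip() == "?":
            # DDS printed [?] where the file date and size normally appear.
            findings.append(("service-no-metadata", m.group(3), m.group(5)))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE):
        print(f"{kind:24} {name:40} {detail}")
```

A flagged entry is only a prompt for review: legitimate software also starts from user profiles, and a static DNS setting may be one the owner chose.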



#4 schrauber

Posted 13 December 2009 - 11:20 AM

Hello, sn0wman1
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 sn0wman1

Posted 13 December 2009 - 06:43 PM

Hi Tom,

Thanks for taking the time to try and sort this for me.

GMER is causing me problems. Whether I start it under 'normal start-up' or 'safemode' the program will announce that it has stopped responding and needs to be closed. If I then try to run it a second time, the PC will BSOD with a stop error.

The event viewer gives the following: Faulting application em4ryu29.exe, version 1.0.15.15252, time stamp 0x4b07cc3d, faulting module em4ryu29.exe, version 1.0.15.15252, time stamp 0x4b07cc3d, exception code 0xc0000005, fault offset 0x0000c4b1, process id 0x780, application start time 0x01ca7c4678445ed5.

(em4ryu29.exe is the random name for GMER's executable)

I couldn't see anywhere to disable AVG in safemode and all services seemed to be stopped, in case that was the root of the issue.

Regards,

Paul.

#6 schrauber

Posted 14 December 2009 - 02:03 PM

Hi,

Please try this one:


RootRepeal - Rootkit Detector


Download RootRepeal.zip and unzip it to your Desktop.

  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program

Edited by schrauber, 14 December 2009 - 02:04 PM.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 sn0wman1

sn0wman1
  • Topic Starter

  • Members
  • 8 posts

Posted 16 December 2009 - 07:12 AM

I've tried running rootrepeal and it seems to get hung-up on the "files" section (both in normal and safemode). I left it running for over 12 hours (in safemode) but nothing seemed to be happening and there was no sign of disk activity. When I closed the program, there was an error regarding unable to write 0x000000.
If I don't select files then a report can be produced. Is there any useful purpose in supplying this?

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts

Posted 16 December 2009 - 12:38 PM

Hi,



Please go here and have a look how you can disable your security software.

Please download ComboFix from here.
* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#9 sn0wman1

sn0wman1
  • Topic Starter

  • Members
  • 8 posts

Posted 17 December 2009 - 01:47 PM

Combofix is currently running on my problem Vista PC. After it had completed about stage_5 my display changed so that I'm getting a solid background which is changing every couple of seconds to white, red, green, blue, black and then back to white and the cycle continues.

I can see from the disk activity light that something is happening.

It's been like this for 20 mins. Is this normal combofix behaviour??

I'm currently seeing no text whatsoever.

#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts

Posted 17 December 2009 - 02:45 PM

Combofix can take some time, but the thing with the colors is not normal. Is the tool still running?
regards,
schrauber


#11 sn0wman1

sn0wman1
  • Topic Starter

  • Members
  • 8 posts

Posted 17 December 2009 - 05:08 PM

There's not much in the way of disk activity now. I'm still getting the same flashing through of background colours.

#12 sn0wman1

sn0wman1
  • Topic Starter

  • Members
  • 8 posts

Posted 17 December 2009 - 05:26 PM

I decided that it was time to forcibly reboot and the screen flashing continued even after the PC was powered off. I seem to have rebooted in a normal(ish) way. The only thing which is currently a bit irritating is that the built-in 4-in-1 card reader is connecting and disconnecting every few seconds. I took a look at the root of the C drive and have a combofix.txt which I'll paste below. Many thanks for your help so far with this Tom :(

ComboFix 09-12-16.02 - Paul 17/12/2009 18:04:48.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2308 [GMT 0:00]
Running from: c:\users\Paul\Desktop\KittyFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-198244247-3521470940-2816255112-500
c:\$recycle.bin\S-1-5-21-2139252429-1018222934-1169608220-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\Paul\AppData\Roaming\inst.exe
c:\windows\rascntrl.dll
c:\windows\system32\msdrve.dll
c:\windows\system32\svcprmpt.dll
c:\windows\system32\tmp.reg
c:\windows\vmoptver.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-17 to 2009-12-17 )))))))))))))))))))))))))))))))
.

2009-12-17 18:16 . 2009-12-17 18:20 -------- d-----w- c:\users\Paul\AppData\Local\temp
2009-12-17 18:16 . 2009-12-17 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-17 18:16 . 2009-12-17 18:16 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2009-12-10 14:09 . 2009-12-04 12:06 305944 ----a-w- c:\programdata\avg9\update\backup\avgaspmx.dll
2009-12-10 14:06 . 2009-11-20 09:58 844056 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-12-10 14:06 . 2009-11-20 09:58 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-11-29 01:18 . 2009-11-29 01:18 680 ----a-w- c:\users\Paul\AppData\Local\d3d9caps.dat
2009-11-27 07:37 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 07:35 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 07:35 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-24 06:35 . 2009-11-24 06:35 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 18:00 . 2007-08-20 17:19 -------- d-----w- c:\programdata\NVIDIA
2009-12-17 17:57 . 2007-08-19 17:57 -------- d-----w- c:\users\Paul\AppData\Roaming\uTorrent
2009-12-17 17:57 . 2008-12-14 01:35 -------- d-----w- c:\programdata\BOINC
2009-12-14 20:08 . 2009-04-13 09:48 117760 ----a-w- c:\users\Paul\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-12 02:09 . 2009-09-28 13:45 -------- d-----w- c:\program files\loader
2009-12-11 10:25 . 2009-09-23 16:07 -------- d-----w- c:\program files\AutoPogo1
2009-12-09 19:32 . 2009-01-18 12:50 -------- d-----w- c:\users\Paul\AppData\Roaming\Spotify
2009-12-09 00:53 . 2009-04-18 12:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-08 23:05 . 2009-10-10 20:03 4844296 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-06 18:28 . 2007-08-18 14:54 -------- d-----w- c:\program files\DigiGuide TV Guide
2009-12-03 16:14 . 2009-04-18 12:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-04-18 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 03:08 . 2007-08-19 17:57 -------- d-----w- c:\program files\uTorrent
2009-11-28 10:47 . 2009-01-09 23:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-27 22:59 . 2009-09-22 15:19 -------- d-----w- c:\program files\Hog Heaven Buddy Pogo
2009-11-27 21:48 . 2007-08-18 15:02 -------- d-----w- c:\program files\Google
2009-11-24 13:21 . 2009-09-16 00:17 71910 ----a-w- c:\programdata\nvModes.dat
2009-11-24 02:09 . 2008-04-15 18:07 -------- d-----w- c:\program files\LogMeIn
2009-11-21 20:05 . 2007-08-18 21:50 -------- d-----w- c:\program files\Won
2009-11-20 09:59 . 2009-11-13 08:45 3963160 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-11-15 13:49 . 2008-02-26 18:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-14 16:27 . 2009-11-14 16:27 -------- d-----w- c:\users\Paul\AppData\Roaming\AVG9
2009-11-13 19:06 . 2009-11-13 19:06 -------- d-----w- c:\program files\Machinarium
2009-11-13 18:48 . 2009-04-13 10:12 35 ----a-w- c:\users\Paul\AppData\Roaming\SetValue.bat
2009-11-13 18:48 . 2009-04-13 10:12 35 ----a-w- c:\users\Paul\AppData\Roaming\SetValue.bat
2009-11-13 18:48 . 2009-04-13 10:12 691 ----a-w- c:\users\Paul\AppData\Roaming\GetValue.vbs
2009-11-13 18:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-11-13 18:33 . 2007-09-02 08:29 -------- d-----w- c:\programdata\Microsoft Help
2009-11-13 18:20 . 2009-11-13 18:20 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-11-13 18:20 . 2008-03-14 19:02 -------- d-----w- c:\program files\Windows Live
2009-11-13 18:16 . 2009-04-14 17:47 -------- d-----w- c:\program files\Microsoft
2009-11-10 09:31 . 2009-11-03 18:47 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-08 15:06 . 2007-11-09 07:32 -------- d-----w- c:\program files\iTunes
2009-11-08 15:05 . 2009-11-08 15:05 -------- d-----w- c:\program files\iPod
2009-11-08 15:05 . 2007-09-07 09:08 -------- d-----w- c:\program files\Common Files\Apple
2009-11-08 15:02 . 2009-11-08 15:02 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 18:52 . 2009-11-03 18:46 -------- d-----w- c:\programdata\avg9
2009-11-03 18:47 . 2008-09-17 20:58 -------- d-----w- c:\programdata\avg8
2009-11-03 18:47 . 2008-09-17 20:58 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-03 18:47 . 2008-09-17 20:58 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-03 18:47 . 2009-11-03 18:47 25608 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2009-11-03 18:47 . 2009-02-01 09:14 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-03 18:47 . 2009-11-03 18:47 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-03 18:46 . 2009-11-03 18:46 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-11-03 18:46 . 2008-09-17 20:58 -------- d-----w- c:\program files\AVG
2009-11-02 20:42 . 2009-10-03 01:02 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 11:06 . 2009-11-01 11:06 -------- d-----w- c:\program files\ESET
2009-10-31 22:12 . 2009-09-28 14:06 -------- d-----w- c:\users\Paul\AppData\Roaming\AweSEM
2009-10-30 07:38 . 2009-10-30 07:38 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-30 07:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-30 07:38 . 2009-10-30 07:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-30 07:38 . 2009-10-30 07:38 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-27 17:35 . 2009-02-25 10:11 -------- d-----w- c:\program files\Replay Music 3
2009-10-27 11:29 . 2009-02-25 10:13 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-10-27 11:12 . 2009-10-27 11:12 -------- d-----w- c:\program files\Trend Micro
2009-10-08 21:08 . 2009-10-30 07:36 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-10-30 07:36 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-10-30 07:36 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 18:12 . 2008-04-15 18:08 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 18:12 . 2008-04-15 18:08 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 18:12 . 2008-04-15 18:08 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-10-01 01:02 . 2009-10-30 07:36 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-10-30 07:36 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-10-30 07:36 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-10-30 07:36 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-10-30 07:36 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-10-30 07:36 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-10-30 07:36 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-10-30 07:36 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-10-30 07:36 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-10-30 07:36 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-10-30 07:36 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-10-30 07:36 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-10-30 07:36 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-10-30 07:36 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-10-30 07:36 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-10-30 07:36 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-27 23:12 . 2009-09-27 23:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2009-09-27 23:12 . 2009-09-27 23:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 23:12 . 2009-09-27 23:12 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
2009-09-27 23:12 . 2009-09-27 23:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 23:12 . 2009-09-27 23:12 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 23:12 . 2009-09-27 23:12 170600 ----a-w- c:\windows\system32\nvcod167.dll
2009-09-27 23:12 . 2009-09-27 23:12 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 23:12 . 2009-09-27 23:12 11197032 ----a-w- c:\windows\system32\nvoglv32.dll
2009-09-27 23:12 . 2008-10-07 12:33 1997416 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 23:12 . 2007-09-12 05:28 490088 ----a-w- c:\windows\system32\nvuninst.exe
2009-09-27 23:12 . 2007-04-26 15:17 7614056 ----a-w- c:\windows\system32\nvd3dum.dll
2009-09-27 23:12 . 2007-04-26 15:17 1074280 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 17:47 . 2009-09-27 17:47 2173544 ----a-w- c:\windows\system32\nvcplui.exe
2009-09-27 17:47 . 2009-09-27 17:47 92776 ----a-w- c:\windows\system32\nvmctray.dll
2009-09-27 17:47 . 2009-09-27 17:47 805480 ----a-w- c:\windows\system32\nvsvc.dll
2009-09-27 17:47 . 2009-09-27 17:47 4033128 ----a-w- c:\windows\system32\nvvitvs.dll
2009-09-27 17:47 . 2009-09-27 17:47 3553896 ----a-w- c:\windows\system32\nvgames.dll
2009-09-27 17:47 . 2009-09-27 17:47 3172968 ----a-w- c:\windows\system32\nvwss.dll
2009-09-27 17:47 . 2009-09-27 17:47 215656 ----a-w- c:\windows\system32\nvvsvc.exe
2009-09-27 17:47 . 2009-09-27 17:47 195176 ----a-w- c:\windows\system32\nvmccss.dll
2009-09-27 17:47 . 2009-09-27 17:47 1309288 ----a-w- c:\windows\system32\nvsvs.dll
2009-09-27 17:47 . 2009-09-27 17:47 1292904 ----a-w- c:\windows\system32\nvmobls.dll
2009-09-27 17:46 . 2009-09-27 17:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll
2009-05-09 00:03 . 2008-05-04 07:45 84 --sha-w- c:\windows\S4C9547BA.tmp
2007-03-07 12:54 . 2007-03-07 12:54 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-09 289584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-28 2001648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-07-21 2157504]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-25 4608]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150600.exe" [2009-06-05 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"BugSoft AnyTrial"="c:\users\Paul\Downloads\AnyTrialControl.exe" [2008-05-31 170302]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-06-10 4182784]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-10 2033432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-10-4 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"= 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

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-02 19:11 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2009-06-10 10:05 58112 ----a-w- c:\program files\BOINC\boinctray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 16:16 393216 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):b6,21,36,1b,c6,ec,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4216623315-2518368210-286442524-1000]
"EnableNotificationsRef"=dword:00000001

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSvx.sys [03/11/2009 18:47 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [03/11/2009 18:47 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [03/11/2009 18:46 24856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [17/09/2008 20:58 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/11/2009 18:47 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 11:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 11:05 74480]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/28 15:50];c:\program files\CyberLink\PowerDVD9\000.fcl [28/02/2009 18:40 87536]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [03/11/2009 18:47 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [10/11/2009 09:30 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [03/11/2009 18:47 5832712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [03/08/2007 14:09 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [15/04/2008 18:08 47640]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business XII.SP2c\RpcAgentSrv.exe [08/08/2008 06:40 98488]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17/08/2009 00:32 239648]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [18/03/2009 00:03 92008]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [03/11/2009 18:47 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [03/11/2009 18:47 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [03/11/2009 18:47 27800]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\System32\drivers\netr73.sys [12/11/2007 10:03 468480]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [02/09/2007 08:11 716272]
S2 AnyTrial;BugSoft AnyTrial;c:\windows\AnyTrial.exe --> c:\windows\AnyTrial.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [07/04/2008 12:25 21504]
S3 FXDrv32;FXDrv32;c:\program files\FOXCONN\FOX LiveUpdate\FXDrv32.sys [08/08/2008 13:44 23872]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [28/02/2009 14:11 13224]
S3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [17/06/2009 12:20 12648]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\System32\drivers\s0017bus.sys [28/02/2009 13:24 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\System32\drivers\s0017mdfl.sys [28/02/2009 13:24 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\System32\drivers\s0017mdm.sys [28/02/2009 13:24 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0017mgmt.sys [28/02/2009 13:24 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\System32\drivers\s0017nd5.sys [28/02/2009 13:24 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\System32\drivers\s0017obex.sys [28/02/2009 13:24 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\System32\drivers\s0017unic.sys [28/02/2009 13:24 117672]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 11:06 7408]
S4 NFService;Fastream IQ Web/FTP Server;c:\progra~1\FASTRE~1\IQWebFTPServerEngine.exe [22/02/2008 10:29 3180544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {73EE7656-200E-44B0-BB16-1C98C32DEECF} = 208.67.222.222,208.67.220.220
TCP: {A724F681-C879-4F0E-B950-6043A9A13612} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\wd319ilr.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Power2GoExpress - (no file)
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-17 18:20
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x864E6E31]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a9a4d24
\Driver\ACPI -> acpi.sys @ 0x82c9ed68
\Driver\atapi -> atapi.sys @ 0x82db09b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-12-17 18:24:51
ComboFix-quarantined-files.txt 2009-12-17 18:24

Pre-Run: 147,416,809,472 bytes free
Post-Run: 147,848,073,216 bytes free

- - End Of File - - C718CB55D215835644FF9C2CA3495DDD

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts

Posted 18 December 2009 - 01:37 PM

Hi,

How is your system running right now?



Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."




  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

regards,
schrauber


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts

Posted 23 December 2009 - 11:10 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




