
Internet Hijacked - Ads and Malware... HELP!!


  • This topic is locked
32 replies to this topic

#1 rob335

rob335

  • Members
  • 19 posts
  • Gender:Male
  • Location:United Kingdom

Posted 02 January 2010 - 01:45 PM

Hi, I need some help - I got this "Google search redirect and ads window pop up" problem too. I didn't want to use anyone else's fixes, as it might screw up my computer even more. I've got the HijackThis log, and can I have an expert help me clear the malware... please.

Here's the log, can someone please analyse it:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:48, on 02/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Iconix\IconixService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Rob\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Users\Rob\Downloads\HijackThis.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; OfficeLiveConnector.1.3; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLivePatch.1.3)" -"http://www.soundjunction.org/exploringmovingaway.aspa?NodeID=100"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RealUpgradeHelper] "C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0" (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll
O13 - Gopher Prefix:
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} (FixItClient Class) - https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} (AbImporter Class) - http://tiga.socialgo.com/application/exter...topImporter.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9d4d15cffcc03) (gupdate1c9d4d15cffcc03) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 17731 bytes

Oh... and I've got the Windows 7 upgrade disk; would the problem go away if I install it?

Edited by rob335, 02 January 2010 - 01:47 PM.
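A defender-side triage pass over entries of the HijackThis log above, added here as an illustration; it is not part of the original post and not part of HijackThis itself. The sample lines are copied from the log; the rule set, the severity labels and the reading of "C:\Program.exe (file missing)" as an unquoted service path truncated at its first space are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the HijackThis log posted above,
# chosen so that each triage rule below fires at least once.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - https://www.coolroom.com/ActiveX/ax.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. O23
    severity: str  # this example's own labels: review / low / medium
    reason: str
    entry: str


LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


def _last_field(body: str) -> str:
    """HijackThis separates name, CLSID and path with ' - '; the path is the last field."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage_line(line: str):
    """Return a Finding for one log line, or None when no rule applies."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")

    # R3: a URLSearchHook sits in the address-bar search path, a classic redirect vector.
    if sec == "R3" and body.startswith("URLSearchHook:"):
        return Finding(sec, "review", "URL search hook intercepts address-bar searches", line)

    # O2: a BHO whose DLL is gone is an orphaned registration (harmless, but clean it up).
    if sec == "O2" and _last_field(body).lower() == "(no file)":
        return Finding(sec, "low", "orphaned BHO registration, DLL no longer on disk", line)

    # O4: an autorun with a bare file name is resolved through the PATH search order.
    if sec == "O4":
        target = re.sub(r"^.*?\] ", "", body)  # drop 'HKLM\..\Run: [name] '
        if "\\" not in target and not target.startswith("%"):
            return Finding(sec, "medium", "autorun target has no full path; resolved via PATH search", line)

    # O16: a downloaded ActiveX control that registered no class name.
    if sec == "O16":
        rest = body.split("DPF: ", 1)[-1]
        if not re.match(r"^\{[0-9A-Fa-f-]+\} \(", rest):
            return Finding(sec, "medium", "downloaded ActiveX control with no registered class name", line)

    # O23: a service whose binary cannot be found.
    if sec == "O23":
        path = _last_field(body)
        if path.endswith("(file missing)"):
            stem = path[: -len("(file missing)")].strip()
            # 'C:\Program.exe' is the shape an unquoted ImagePath with a space takes once
            # truncated at the first space (assumed interpretation of this HijackThis output).
            if re.fullmatch(r'[A-Za-z]:\\[^\\ "]+\.exe', stem):
                reason = "unquoted service path containing a space, truncated at the first space"
            else:
                reason = "service binary missing from disk"
            return Finding(sec, "low", reason, line)
    return None


def triage_log(text: str):
    """Run every rule over a whole log and return the findings in log order."""
    findings = []
    for line in text.splitlines():
        if line.strip():
            f = triage_line(line)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.entry}")
```

Each rule only flags an entry for human review; the same entry types are visible in the full log above, where most entries are vendor software and need no action.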


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 10 January 2010 - 09:08 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 rob335

rob335
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Location:United Kingdom

Posted 11 January 2010 - 04:09 PM

I'll do that as soon as I get on my computer tomorrow, and I'll post the log.

No worries about the delay - I know that there are loads of people asking for help in this forum.

#4 rob335

rob335
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Location:United Kingdom

Posted 12 January 2010 - 05:13 PM

I'll do that as soon as I get on my computer tomorrow, and I'll post the log.

No worries about the delay - I know that there are loads of people asking for help in this forum.


OK, maybe I will get on my computer tomorrow... I'll try to post the DDS log as soon as possible (hopefully tomorrow evening).

#5 rob335

rob335
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Location:United Kingdom

Posted 17 January 2010 - 07:17 AM

OK, here's the DDS Log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Rob at 12:06:49.27 on 17/01/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1982.281 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Iconix\IconixService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\mcupdate.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Users\Rob\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Rob\Desktop\dds.pif
C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_41.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - c:\program files\ebay\ebay toolbar2\eBayTB.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File
EB: BatteryBar: {10149daf-506b-4488-8376-df24f0185196} - mscoree.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; OfficeLiveConnector.1.3; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLivePatch.1.3)" -"http://www.soundjunction.org/exploringmovingaway.aspa?NodeID=100"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRunOnce: [RealUpgradeHelper] "c:\program files\common files\real\update_ob\upgrdhlp.exe" "RealNetworks|RealPlayer|6.0"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
uPolicies-explorer: NoSearchFilesInStartMenu = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLUA = 2 (0x2)
IE: &Subscribe with ArchosLink
IE: E&xport to Microsoft Excel
IE: eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Save YouTube Video - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\common files\dvdvideosoft\dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_41.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_41.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - hxxps://www.coolroom.com/ActiveX/ax.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - hxxp://tiga.socialgo.com/application/external/dist/OzDesktopImporter.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\rob\appdata\roaming\mozilla\firefox\profiles\lfu48u3r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|http://forums.x10hosting.com
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\rob\appdata\roaming\mozilla\firefox\profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\rob\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-01-06 18:45:31 305449126 ----a-w- c:\windows\MEMORY.DMP
2010-01-06 11:56:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 15:25:25 1908 ----a-w- c:\windows\diagwrn.xml
2010-01-03 15:25:25 1908 ----a-w- c:\windows\diagerr.xml
2010-01-01 14:06:29 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-01-01 11:29:38 0 d-----w- c:\program files\CCleaner
2010-01-01 11:08:41 103720 ----a-w- c:\users\rob\GoToAssistDownloadHelper.exe
2009-12-31 13:51:50 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-31 13:51:48 883 ----a-w- c:\windows\RegSDImport.xml
2009-12-31 13:51:48 880 ----a-w- c:\windows\RegISSImport.xml
2009-12-31 13:51:47 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-31 13:51:47 131 ----a-w- c:\windows\IDB.zip
2009-12-31 13:51:47 1152444 ----a-w- c:\windows\UDB.zip
2009-12-31 13:51:46 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-31 13:51:46 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-31 13:45:32 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-12-31 13:45:32 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-31 13:45:32 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-31 13:43:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-31 13:43:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-31 13:43:45 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-31 13:43:44 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-31 13:41:45 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-31 13:41:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-31 13:40:31 0 d-----w- c:\program files\common files\PC Tools
2009-12-31 13:40:23 0 d-----w- c:\users\rob\appdata\roaming\PC Tools
2009-12-31 13:40:23 0 d-----w- c:\programdata\PC Tools
2009-12-31 13:40:23 0 d-----w- c:\program files\Spyware Doctor
2009-12-30 18:25:18 0 d-----w- c:\programdata\WD_SmartWareCommon
2009-12-30 18:21:52 0 d-----w- c:\users\rob\appdata\roaming\Western Digital
2009-12-30 18:21:13 0 d-----w- c:\programdata\Western Digital
2009-12-30 18:17:21 0 d-----w- c:\program files\Western Digital
2009-12-30 13:11:55 0 d-----w- c:\users\rob\appdata\roaming\Malwarebytes
2009-12-30 13:11:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:11:39 0 d-----w- c:\programdata\Malwarebytes
2009-12-30 13:11:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 13:11:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 09:44:59 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-19 13:54:01 0 d-----w- c:\program files\MSECache
2009-12-18 22:00:34 0 d-----w- c:\programdata\WindowsSearch
2009-12-18 20:48:37 0 d-----w- c:\programdata\NimiVisuals
2009-12-18 14:12:14 0 d-----w- c:\program files\common files\Akamai

==================== Find3M ====================

2010-01-06 12:56:32 100701 ----a-w- c:\programdata\nvModes.dat
2009-12-30 18:20:56 86016 ----a-w- c:\windows\inf\infpub.dat
2009-12-30 18:20:55 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-30 18:20:20 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-30 12:27:36 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-11-30 12:27:34 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-11-30 12:27:34 100048 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 23:08:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-07-29 20:12:52 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-29 12:56:48 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009052820090529\index.dat
2009-07-05 10:13:06 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009061520090622\index.dat
2009-07-05 10:13:06 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009062220090629\index.dat
2009-07-05 10:13:06 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009062920090630\index.dat
2009-07-05 10:13:06 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009070420090705\index.dat
2009-07-05 10:13:06 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009070520090706\index.dat

============= FINISH: 12:17:12.74 ===============

#6 rob335

rob335
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Location:United Kingdom

Posted 18 January 2010 - 02:27 AM

I think it is cloaked malware...

#7 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 18 January 2010 - 11:36 AM

Hi rob335,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, I will be helping you to deal with your Malware problems today.

Step 1

1. Go to this thread and download TDSSKiller.zip to your Desktop.
2. Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not into the folder.
3. Start > Run, copy/paste the following bolded command into the run box and hit Enter.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

4. If TDSSKiller alerts you that the system needs to reboot, please consent.
5. When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste its contents in your next reply.


Step 2
  • If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  • Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Note: If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu.
    The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow Combofix to continue scanning for malware.
  • When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  • Do not mouse click on Combofix while it is running. That may cause it to stall.

Step 3

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


In your next reply, please post back:


1. TDSSKiller log
2. ComboFix log
3. MBAM log

Thanks

#8 rob335

rob335
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Location:United Kingdom

Posted 18 January 2010 - 03:00 PM

Here are the TDSSKiller and Malwarebytes logs, but I can't install Combofix - it says that the installation files are corrupted.

TDSSKiller:
19:15:40:202 21644 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
19:15:40:202 21644 ================================================================================
19:15:40:202 21644 SystemInfo:

19:15:40:202 21644 OS Version: 6.0.6002 ServicePack: 2.0
19:15:40:202 21644 Product type: Workstation
19:15:40:203 21644 ComputerName: ROB-PC
19:15:40:203 21644 UserName: Rob
19:15:40:203 21644 Windows directory: C:\Windows
19:15:40:203 21644 Processor architecture: Intel x86
19:15:40:203 21644 Number of processors: 2
19:15:40:203 21644 Page size: 0x1000
19:15:40:207 21644 Boot type: Normal boot
19:15:40:207 21644 ================================================================================
19:15:40:344 21644 UnloadDriverW: NtUnloadDriver error 2
19:15:40:344 21644 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:15:40:367 21644 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
19:15:50:736 21644 UtilityInit: KLMD drop and load success
19:15:50:736 21644 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
19:15:50:736 21644 UtilityInit: KLMD open success
19:15:50:736 21644 UtilityInit: Initialize success
19:15:50:736 21644
19:15:50:736 21644 Scanning Services ...
19:15:50:737 21644 CreateRegParser: Registry parser init started
19:15:50:737 21644 CreateRegParser: DisableWow64Redirection error
19:15:50:737 21644 wfopen_ex: Trying to open file C:\Windows\system32\config\system
19:15:50:765 21644 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
19:15:50:765 21644 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:15:50:765 21644 wfopen_ex: Trying to KLMD file open
19:15:50:765 21644 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
19:15:50:765 21644 wfopen_ex: File opened ok (Flags 2)
19:15:50:766 21644 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 18E2CD8
19:15:50:766 21644 wfopen_ex: Trying to open file C:\Windows\system32\config\software
19:15:50:769 21644 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
19:15:50:769 21644 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:15:50:769 21644 wfopen_ex: Trying to KLMD file open
19:15:50:769 21644 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
19:15:50:769 21644 wfopen_ex: File opened ok (Flags 2)
19:15:50:769 21644 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 18E2D00
19:15:50:769 21644 CreateRegParser: EnableWow64Redirection error
19:15:50:769 21644 CreateRegParser: RegParser init completed
19:15:55:283 21644 GetAdvancedServicesInfo: Raw services enum returned 501 services
19:15:55:289 21644 fclose_ex: Trying to close file C:\Windows\system32\config\system
19:15:55:292 21644 fclose_ex: Trying to close file C:\Windows\system32\config\software
19:15:55:294 21644
19:15:55:295 21644 Scanning Kernel memory ...
19:15:55:295 21644 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
19:15:55:296 21644 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 857425A8
19:15:55:296 21644 DetectCureTDL3: KLMD_GetDeviceObjectList returned 1 DevObjects
19:15:55:296 21644
19:15:55:296 21644 DetectCureTDL3: DEVICE_OBJECT: 85851AC8
19:15:55:296 21644 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85851AC8
19:15:55:296 21644 DetectCureTDL3: DEVICE_OBJECT: 858324A0
19:15:55:296 21644 KLMD_GetLowerDeviceObject: Trying to get lower device object for 858324A0
19:15:55:296 21644 DetectCureTDL3: DEVICE_OBJECT: 855B4A70
19:15:55:296 21644 KLMD_GetLowerDeviceObject: Trying to get lower device object for 855B4A70
19:15:55:296 21644 DetectCureTDL3: DEVICE_OBJECT: 855B4B98
19:15:55:296 21644 KLMD_GetLowerDeviceObject: Trying to get lower device object for 855B4B98
19:15:55:296 21644 KLMD_ReadMem: Trying to ReadMemory 0x855B4B98[0x38]
19:15:55:296 21644 DetectCureTDL3: DRIVER_OBJECT: 8675B588
19:15:55:296 21644 KLMD_ReadMem: Trying to ReadMemory 0x8675B588[0xA8]
19:15:55:296 21644 KLMD_ReadMem: Trying to ReadMemory 0x8561EB98[0x38]
19:15:55:296 21644 KLMD_ReadMem: Trying to ReadMemory 0x855A6698[0xA8]
19:15:55:296 21644 KLMD_ReadMem: Trying to ReadMemory 0x84805940[0x1A]
19:15:55:296 21644 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
19:15:55:297 21644 DetectCureTDL3: IrpHandler (0) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (1) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (2) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (3) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (4) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (5) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (6) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (7) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (8) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (9) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (10) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (11) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (12) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (13) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (14) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (15) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (16) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (17) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (18) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (19) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (20) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (21) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (22) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (23) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (24) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (25) addr: 85622841
19:15:55:298 21644 DetectCureTDL3: IrpHandler (26) addr: 85622841
19:15:55:298 21644 DetectCureTDL3: All IRP handlers pointed to one addr: 85622841
19:15:55:298 21644 KLMD_ReadMem: Trying to ReadMemory 0x85622841[0x400]
19:15:55:298 21644 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 333, 121, 3, 109
19:15:55:298 21644 Driver "atapi" Irp handler infected by TDSS rootkit ... 19:15:55:299 21644 KLMD_WriteMem: Trying to WriteMemory 0x856228BA[0xD]
19:15:55:299 21644 cured
19:15:55:300 21644 KLMD_ReadMem: Trying to ReadMemory 0x856226EC[0x400]
19:15:55:300 21644 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
19:15:55:300 21644 Driver "atapi" StartIo handler infected by TDSS rootkit ... 19:15:55:300 21644 TDL3_StartIoHookCure: Number of patches 1
19:15:55:300 21644 KLMD_WriteMem: Trying to WriteMemory 0x856227F5[0x6]
19:15:55:300 21644 cured
19:15:55:301 21644 TDL3_FileDetect: Processing driver: atapi
19:15:55:301 21644 TDL3_FileDetect: Processing driver file: C:\Windows\system32\drivers\atapi.sys
19:15:55:301 21644 KLMD_CreateFileW: Trying to open file C:\Windows\system32\drivers\atapi.sys
19:15:55:319 21644 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Infected
19:15:55:319 21644 File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 19:15:55:320 21644 TDL3_FileCure: Processing driver file: C:\Windows\system32\drivers\atapi.sys
19:16:00:140 21644 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys:19944, checking..
19:16:00:223 21644 ValidateDriverFile: Stage 1 passed
19:16:00:237 21644 ValidateDriverFile: Stage 2 passed
19:16:00:447 21644 DigitalSignVerifyByHandle: Embedded DS result: 00000000
19:16:00:447 21644 ValidateDriverFile: Stage 3 passed
19:16:00:447 21644 FileCallback: File validated successfully, restore information prepared
19:16:05:559 21644 FindDriverFileBackup: Backup copy found in DriverStore
19:16:05:559 21644 TDL3_FileCure: Backup copy found, using it..
19:16:05:564 21644 TDL3_FileCure: Dumping cured buffer to file C:\Windows\system32\drivers\tsk975F.tmp
19:16:05:613 21644 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk975F.tmp, system32\drivers\atapi.sys)
19:16:05:671 21644 TDL3_FileCure: KLMD jobs schedule success
19:16:05:672 21644 will be cured on next reboot
19:16:05:672 21644 UtilityBootReinit: Reboot required for cure complete..
19:16:05:673 21644 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmdb.sys) returned status 00000000
19:16:05:799 21644 UtilityBootReinit: KLMD drop success
19:16:05:812 21644 KLMD_ApplyPendList: Pending buffer(2627_1929, 616) dropped successfully
19:16:05:812 21644 UtilityBootReinit: Cure on reboot scheduled successfully
19:16:05:812 21644
19:16:05:812 21644 Completed
19:16:05:813 21644
19:16:05:813 21644 Results:
19:16:05:813 21644 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
19:16:05:814 21644 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:16:05:814 21644 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:16:05:814 21644
19:16:05:815 21644 UnloadDriverW: NtUnloadDriver error 1
19:16:05:815 21644 KLMD_Unload: UnloadDriverW(klmd21) error 1
19:16:05:821 21644 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
19:16:05:822 21644 UtilityDeinit: KLMD(ARK) unloaded successfully

MalwareBytes:
Malwarebytes' Anti-Malware 1.42
Database version: 3454
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

18/01/2010 19:54:45
mbam-log-2010-01-18 (19-54-45).txt

Scan type: Quick Scan
Objects scanned: 113565
Time elapsed: 13 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I'll try and get ComboFix to work, and post that as soon as possible!

rob335

Edited by rob335, 18 January 2010 - 03:20 PM.
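
A small triage script for TDSSKiller logs like the one rob335 posted above, added here as an example; it is not part of the thread and not Kaspersky's tool. It runs over a constructed subset of the posted lines (only three of the 27 IrpHandler entries are kept, all at the same address, as in the real log) and assumes the log format shown there.

```python
"""Triage a TDSSKiller log: which driver got hooked, what was cured, is a reboot still due."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every line is "HH:MM:SS:mmm <pid> <message>"; the message is what we parse.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(.*)$")
DRIVER_RE = re.compile(r"DRIVER_OBJECT name: \\Driver\\(\w+)")
IRP_RE = re.compile(r"IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]+)")
HOOK_RE = re.compile(r'Driver "(\w+)" (\w+) handler infected')
VERDICT_RE = re.compile(r"TDL3_FileDetect: (.+?) - Verdict: (\w+)")
RESULT_RE = re.compile(
    r"(\w+) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)")

# Constructed sample: a subset of the lines posted in this thread. The real log
# lists IrpHandler (0) to (26), all at 85622841; three are enough for the shape.
SAMPLE_LOG = r"""
19:15:55:296 21644 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
19:15:55:297 21644 DetectCureTDL3: IrpHandler (0) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (1) addr: 85622841
19:15:55:297 21644 DetectCureTDL3: IrpHandler (2) addr: 85622841
19:15:55:298 21644 DetectCureTDL3: All IRP handlers pointed to one addr: 85622841
19:15:55:298 21644 Driver "atapi" Irp handler infected by TDSS rootkit ... 19:15:55:299 21644 KLMD_WriteMem: Trying to WriteMemory 0x856228BA[0xD]
19:15:55:299 21644 cured
19:15:55:300 21644 Driver "atapi" StartIo handler infected by TDSS rootkit ... 19:15:55:300 21644 TDL3_StartIoHookCure: Number of patches 1
19:15:55:300 21644 cured
19:15:55:319 21644 TDL3_FileDetect: C:\Windows\system32\drivers\atapi.sys - Verdict: Infected
19:16:00:140 21644 FileCallback: Backup candidate found: C:\Windows\system32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys:19944, checking..
19:16:00:447 21644 FileCallback: File validated successfully, restore information prepared
19:16:05:672 21644 will be cured on next reboot
19:16:05:813 21644 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
19:16:05:814 21644 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:16:05:814 21644 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""


@dataclass
class Triage:
    irp_tables: Dict[str, Dict[int, str]] = field(default_factory=lambda: defaultdict(dict))
    hooked_handlers: List[Tuple[str, str]] = field(default_factory=list)
    file_verdicts: Dict[str, str] = field(default_factory=dict)
    backup_validated: bool = False
    reboot_pending: bool = False
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)


def parse_tdsskiller_log(text: str) -> Triage:
    """Walk the log once and collect the facts a helper needs to act on."""
    t = Triage()
    current: Optional[str] = None  # driver object whose IRP table is being listed
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue
        msg = m.group(1)
        if (d := DRIVER_RE.search(msg)):
            current = d.group(1)
        elif (i := IRP_RE.search(msg)) and current:
            t.irp_tables[current][int(i.group(1))] = i.group(2).upper()
        # search(), not match(): the tool prints the "infected" notice without
        # a newline, so the next timestamped message shares the same line.
        if (h := HOOK_RE.search(msg)):
            t.hooked_handlers.append((h.group(1), h.group(2)))
        if (v := VERDICT_RE.search(msg)):
            t.file_verdicts[v.group(1)] = v.group(2)
        if "File validated successfully" in msg:
            t.backup_validated = True
        if "will be cured on next reboot" in msg:
            t.reboot_pending = True
        if (r := RESULT_RE.search(msg)):
            t.results[r.group(1)] = tuple(int(x) for x in r.group(2, 3, 4))
    return t


def uniform_irp_tables(t: Triage) -> List[str]:
    """Drivers whose listed IRP handlers all resolve to one address.

    TDL3 overwrites the whole dispatch table with its routine, which is why
    TDSSKiller prints "All IRP handlers pointed to one addr" before its
    TDL3_IrpHookDetect checks. A trigger, not a verdict: some clean drivers
    also route every major function to a single handler."""
    return [drv for drv, table in t.irp_tables.items()
            if len(table) > 1 and len(set(table.values())) == 1]


def needs_reboot(t: Triage) -> bool:
    """True while any cure is only scheduled (the atapi.sys swap above)."""
    return t.reboot_pending or any(v[2] > 0 for v in t.results.values())


def infected_files(t: Triage) -> List[str]:
    return sorted(p for p, v in t.file_verdicts.items() if v == "Infected")


if __name__ == "__main__":
    tri = parse_tdsskiller_log(SAMPLE_LOG)
    print("uniform IRP tables:", uniform_irp_tables(tri))
    print("hooked handlers:   ", tri.hooked_handlers)
    print("infected files:    ", infected_files(tri))
    print("reboot required:   ", needs_reboot(tri))
```

A "reboot required" result with a validated DriverStore backup is the state the thread's log ends in: the in-memory hooks are already cured, but the on-disk atapi.sys is only replaced on the next boot.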


#9 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 18 January 2010 - 11:23 PM

Hi rob335,



I'll try and get ComboFix to work, and post that as soon as possible!

Please delete the current copy of ComboFix from your desktop. Please disable your AV before proceeding. Download a new copy of ComboFix and save it to your desktop.

Click Start button > Select Run > then copy/paste the following bolded command into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply. After that, please do the following:


Step1
  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:

    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop

  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Copy and paste both logs back here in your next reply.

In your next reply, please post back:


1. ComboFix log
2. OTListIt.txt and Extra.txt

Thanks

Tell me if you have any remaining issues on your pc.

#10 rob335

rob335
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Male
  • Location:United Kingdom

Posted 19 January 2010 - 03:01 PM

OTL.txt:

OTL logfile created on: 19/01/2010 19:00:51 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Rob\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.43 Gb Total Space | 31.14 Gb Free Space | 22.02% Space Free | Partition Type: NTFS
Drive D: | 7.62 Gb Total Space | 1.67 Gb Free Space | 21.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROB-PC
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/19 18:59:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
PRC - [2010/01/08 01:42:18 | 00,527,344 | ---- | M] (Google Inc.) -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/12/03 19:42:56 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/11/04 17:56:16 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Users\Rob\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/30 20:09:41 | 00,282,968 | ---- | M] () -- C:\Program Files\Common Files\Iconix\IconixService.exe
PRC - [2009/09/18 12:58:55 | 00,186,744 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe
PRC - [2009/09/04 15:23:56 | 08,975,680 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/09/04 15:23:56 | 02,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/09/04 15:22:22 | 00,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/08/22 08:14:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2009/07/26 16:44:34 | 00,113,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2009/06/16 09:58:08 | 00,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 06:28:08 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/04 02:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvsvc.exe
PRC - [2008/10/16 19:12:28 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2008/10/09 07:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2008/07/13 10:37:23 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/06/20 16:37:44 | 00,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/06/20 16:37:34 | 01,316,136 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/06/12 15:57:18 | 00,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/03/25 19:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/01/19 07:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/11/27 11:58:28 | 03,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/10/03 15:15:40 | 00,480,560 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PRC - [2007/09/26 07:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PRC - [2007/09/15 02:29:10 | 00,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/07/10 06:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\XAudio.exe
PRC - [2007/05/16 10:43:06 | 00,677,432 | R--- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PRC - [2007/04/24 01:11:42 | 00,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/04/24 01:11:20 | 00,176,128 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
PRC - [2007/02/13 18:38:36 | 00,159,744 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2006/12/15 00:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/12/10 20:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/05/02 21:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


========== Modules (SafeList) ==========

MOD - [2010/01/19 18:59:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 00,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 06:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - File not found [On_Demand | Stopped] -- -- (MySQL)
SRV - File not found [Disabled | Stopped] -- -- (MSSQLServerADHelper100)
SRV - [2010/01/01 11:08:54 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2009/11/10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/30 20:09:41 | 00,282,968 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Iconix\IconixService.exe -- (IconixService)
SRV - [2009/09/25 01:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/18 12:58:55 | 00,186,744 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe -- (ccProxy)
SRV - [2009/09/04 15:22:22 | 00,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/08/22 08:14:09 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
SRV - [2009/08/05 22:48:42 | 00,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/16 09:58:08 | 00,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/14 20:19:31 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9d4d15cffcc03) Google Update Service (gupdate1c9d4d15cffcc03)
SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/25 18:42:29 | 00,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/12/04 02:42:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\System32\nvvsvc.exe -- (nvsvc)
SRV - [2008/11/19 18:23:16 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/09 07:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/07/11 00:28:06 | 40,999,448 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/01/19 07:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/27 11:58:28 | 03,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/07/10 06:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/04/24 01:11:44 | 00,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/24 01:11:42 | 00,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/02/17 14:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 16:36:58 | 00,880,640 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2006/12/15 00:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 21:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\S-1-5-21-2400098543-1109025889-639053156-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\S-1-5-21-2400098543-1109025889-639053156-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig|http://forums.x10hosting.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/23 13:14:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/23 14:56:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/23 14:56:08 | 00,000,000 | ---D | M]

[2009/10/08 15:55:17 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Extensions
[2009/12/31 15:44:16 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions
[2009/10/08 16:18:48 | 00,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2009/12/30 11:04:00 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\cfxe@Triton
[2009/10/18 09:03:35 | 00,001,720 | ---- | M] () -- C:\Users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\searchplugins\youtube-video-search.xml
[2010/01/19 18:50:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/31 21:47:26 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2007/03/09 23:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/01/18 20:12:57 | 00,373,478 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12872 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (IconixBHOClass Class) - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O3 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKU\.DEFAULT..\RunOnce: [RealUpgradeHelper] C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [RealUpgradeHelper] C:\Program Files\Common Files\Real\Update_OB\upgrdhlp.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0; File not found
O4 - Startup: C:\Users\Mum and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 2
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 1
O7 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_41.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2400098543-1109025889-639053156-1000\..Trusted Domains: 62 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} https://www.coolroom.com/ActiveX/ax.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} http://tiga.socialgo.com/application/exter...topImporter.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Rob\Pictures\Dogs\Lady, Gemma & Other Dogs\imm017_18A.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rob\Pictures\Dogs\Lady, Gemma & Other Dogs\imm017_18A.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/08 02:31:08 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 15:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{abdacaa9-e407-11de-a7ce-001b246749cf}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/01/19 18:58:49 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2010/01/18 20:19:39 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/01/13 08:44:14 | 00,176,392 | ---- | C] (Kaspersky Lab) -- C:\Users\Rob\Desktop\TDSSKiller.exe
[2010/01/06 11:56:08 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/08/22 19:08:59 | 00,047,360 | ---- | C] (VSO Software) -- C:\Users\Rob\AppData\Roaming\pcouffin.sys
[1 C:\Users\Rob\Desktop\*.tmp files -> C:\Users\Rob\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/01/19 19:28:36 | 10,223,616 | -HS- | M] () -- C:\Users\Rob\ntuser.dat
[2010/01/19 19:27:00 | 00,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{085998C7-F81B-4EB7-AD2C-B831EF19DD67}.job
[2010/01/19 19:21:49 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{72A04D72-B6CB-4BE2-A8D5-E377AE5F9093}.job
[2010/01/19 19:01:02 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2400098543-1109025889-639053156-1000UA.job
[2010/01/19 18:59:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Desktop\OTL.exe
[2010/01/19 18:55:19 | 00,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/01/19 18:55:18 | 00,100,701 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/19 18:54:51 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/01/19 18:53:03 | 00,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/01/19 18:49:55 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/19 18:49:49 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/19 18:49:49 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/19 18:49:43 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/19 18:49:37 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/18 21:12:48 | 00,524,288 | -HS- | M] () -- C:\Users\Rob\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/18 21:12:48 | 00,065,536 | -HS- | M] () -- C:\Users\Rob\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/18 21:11:56 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/18 21:11:28 | 03,369,242 | -H-- | M] () -- C:\Users\Rob\AppData\Local\IconCache.db
[2010/01/18 20:42:02 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/18 20:12:57 | 00,373,478 | R--- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/01/18 19:14:33 | 00,176,392 | ---- | M] (Kaspersky Lab) -- C:\Users\Rob\Desktop\TDSSKiller.exe
[2010/01/18 19:13:24 | 00,152,401 | ---- | M] () -- C:\Users\Rob\Desktop\tdsskiller.zip
[2010/01/12 18:01:03 | 00,000,846 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2400098543-1109025889-639053156-1000Core.job
[2010/01/08 17:35:03 | 30,544,9126 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/07 20:39:08 | 00,000,104 | ---- | M] () -- C:\Users\Rob\Desktop\E-mail.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/06 15:39:16 | 00,000,172 | ---- | M] () -- C:\Windows\wininit.ini
[2010/01/06 12:56:32 | 00,100,701 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/06 11:57:08 | 00,001,015 | ---- | M] () -- C:\Users\Rob\Desktop\Spybot - Search & Destroy.lnk
[1 C:\Users\Rob\Desktop\*.tmp files -> C:\Users\Rob\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/18 19:13:21 | 00,152,401 | ---- | C] () -- C:\Users\Rob\Desktop\tdsskiller.zip
[2010/01/06 18:45:31 | 30,544,9126 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/06 11:57:07 | 00,001,015 | ---- | C] () -- C:\Users\Rob\Desktop\Spybot - Search & Destroy.lnk
[2009/12/31 13:51:50 | 00,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2009/12/08 17:26:08 | 00,000,760 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\setup_ldm.iss
[2009/11/15 11:35:29 | 00,000,024 | ---- | C] () -- C:\Users\Rob\AppData\Local\M
[2009/11/12 18:19:52 | 00,000,046 | ---- | C] () -- C:\Users\Rob\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
[2009/10/23 07:46:44 | 00,000,000 | ---- | C] () -- C:\Windows\windowfx3.ini
[2009/10/23 07:46:34 | 00,000,000 | ---- | C] () -- C:\Windows\windowfx2.ini
[2009/10/23 07:45:08 | 00,000,010 | ---- | C] () -- C:\Windows\System32\wfxhelp22.dll
[2009/09/02 08:22:50 | 00,000,005 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\openList.awt
[2009/09/02 08:22:50 | 00,000,005 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\closedList.awt
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/21 20:22:42 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/18 10:26:13 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/18 10:26:13 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/01/02 18:36:17 | 00,000,153 | ---- | C] () -- C:\Users\Rob\AppData\Local\rahistory.xml
[2008/12/30 15:40:15 | 00,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys
[2008/12/27 14:24:12 | 00,100,701 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/27 14:24:12 | 00,100,701 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/09/07 16:17:56 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{3b7866c3-7cc3-11dd-bbf0-001b246749cf}.TMContainer00000000000000000002.regtrans-ms
[2008/09/07 16:17:56 | 00,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{3b7866c3-7cc3-11dd-bbf0-001b246749cf}.TMContainer00000000000000000001.regtrans-ms
[2008/09/07 16:17:56 | 00,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2008/09/07 16:17:56 | 00,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{3b7866c3-7cc3-11dd-bbf0-001b246749cf}.TM.blf
[2008/09/07 16:17:56 | 00,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2008/09/07 16:17:56 | 00,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2008/08/30 09:11:16 | 00,000,172 | ---- | C] () -- C:\Windows\wininit.ini
[2008/08/22 19:11:40 | 00,000,668 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\vso_ts_preview.xml
[2008/08/22 19:10:59 | 00,000,033 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\pcouffin.log
[2008/08/22 19:08:59 | 00,087,608 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\inst.exe
[2008/08/22 19:08:59 | 00,007,887 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\pcouffin.cat
[2008/08/22 19:08:59 | 00,001,144 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\pcouffin.inf
[2008/03/25 16:04:59 | 00,000,858 | ---- | C] () -- C:\Users\Rob\AppData\Local\RAExpertHistory.xml
[2008/03/10 19:12:09 | 00,001,356 | ---- | C] () -- C:\Users\Rob\AppData\Local\d3d9caps.dat
[2008/03/02 16:25:30 | 00,002,198 | ---- | C] () -- C:\Users\Rob\AppData\Local\bwdgti.dat
[2008/02/12 10:29:18 | 00,100,701 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\nvModes.001
[2008/02/12 10:29:17 | 00,100,701 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\nvModes.dat
[2008/01/06 09:35:45 | 00,000,000 | ---- | C] () -- C:\Users\Rob\AppData\Local\FnF4.txt
[2007/12/27 14:16:59 | 00,023,213 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\UserTile.png
[2007/12/26 11:45:17 | 00,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2007/12/26 11:45:17 | 00,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/12/26 11:45:17 | 00,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2007/12/09 11:43:37 | 00,000,098 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\wklnhst.dat
[2007/12/09 11:34:24 | 00,077,824 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/07 11:25:59 | 00,000,000 | ---- | C] () -- C:\Users\Rob\AppData\Local\QSwitch.txt
[2007/12/07 11:25:59 | 00,000,000 | ---- | C] () -- C:\Users\Rob\AppData\Local\DSwitch.txt
[2007/12/07 11:25:59 | 00,000,000 | ---- | C] () -- C:\Users\Rob\AppData\Local\AtStart.txt
[2007/09/27 11:52:00 | 00,466,944 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2007/09/27 11:52:00 | 00,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2007/06/08 02:22:57 | 00,011,944 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/27 20:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 06:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 06:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:21 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/10 00:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/07 12:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/02/11 12:22:58 | 00,077,824 | ---- | C] () -- C:\Windows\System32\CDVPreviewEx.dll

========== LOP Check ==========

[2008/05/20 18:43:38 | 00,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\eBay
[2008/12/01 07:24:01 | 00,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\Iconix
[2008/02/12 09:27:34 | 00,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\Nokia
[2008/02/12 09:27:57 | 00,000,000 | ---D | M] -- C:\Users\Mum and Dad\AppData\Roaming\PC Suite
[2009/12/30 08:40:44 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\BatteryBar
[2009/09/19 19:15:54 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2008/02/16 11:06:58 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\DassaultSystemes
[2010/01/02 08:58:37 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Dropbox
[2008/03/31 07:42:07 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\eBay
[2010/01/08 17:33:01 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\FileZilla
[2009/07/18 10:25:52 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\GetRightToGo
[2008/09/02 17:42:03 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Iconix
[2009/12/30 17:07:36 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Image Zone Express
[2008/07/19 15:49:36 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\muvee Technologies
[2008/09/30 16:28:01 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\NCH Swift Sound
[2009/08/21 14:35:04 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Notepad++
[2009/01/23 20:41:20 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Opera
[2009/02/13 19:50:20 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\PCF-VLC
[2010/01/01 12:41:23 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Printer Info Cache
[2009/05/29 19:52:16 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Publish Providers
[2009/07/21 18:46:29 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\shrink_pic
[2008/04/19 14:32:24 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Snapfish
[2009/11/22 16:54:02 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Spotify
[2008/03/28 11:22:07 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SystemGadgets
[2007/12/09 11:43:39 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Template
[2009/05/06 19:49:46 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2008/08/22 19:34:54 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Vso
[2009/12/30 18:21:52 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Western Digital
[2009/05/26 17:16:42 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Windows Live Writer
[2008/09/12 18:02:42 | 00,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\XnView
[2010/01/18 21:11:56 | 00,032,648 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/01/19 19:27:00 | 00,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{085998C7-F81B-4EB7-AD2C-B831EF19DD67}.job
[2010/01/19 19:21:49 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{72A04D72-B6CB-4BE2-A8D5-E377AE5F9093}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 07:42:25 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/06/08 02:38:20 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/06/08 02:38:21 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/06/08 02:38:21 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2010/01/18 19:19:28 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 06:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/16 09:25:34 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/16 09:25:34 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/16 09:25:33 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 09:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 07:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 07:42:51 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006/11/02 09:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 09:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 06:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009/04/11 06:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 07:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 09:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 07:42:09 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 07:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 09:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 06:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009/04/11 06:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:FCFD8689
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A6CD15C3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >


Extras.txt:

OTL Extras logfile created on: 19/01/2010 19:00:51 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\Rob\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 28.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.43 Gb Total Space | 31.14 Gb Free Space | 22.02% Space Free | Partition Type: NTFS
Drive D: | 7.62 Gb Total Space | 1.67 Gb Free Space | 21.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROB-PC
Current User Name: Rob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2400098543-1109025889-639053156-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B29E20-9B02-4F5E-A8A3-54B2C26FF41A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0986C2EA-2E20-40B5-B889-EDA2004A1941}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{100C3EF0-F570-47C9-A21A-8DD7C6B71194}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12F0F8B2-F0B5-44EB-950F-0084DA908282}" = lport=3306 | protocol=6 | dir=in | name=mysql server |
"{1C3FE00E-EEC5-4488-AF95-DF5CDC825C32}" = rport=10244 | protocol=6 | dir=out | app=system |
"{1DDF1C14-6B86-4F5E-B415-86CE039FCB06}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1F9000EE-EF75-4705-B21E-E49232620AA2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20A6CF75-EEE6-4606-88B9-B1BCDA68D3F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2E3789AD-3177-40ED-ABD8-309FD400D250}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3288825E-6C6A-42C3-9524-11C340EEDD95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{36F30C38-AB3F-48FD-951A-62D5E523480C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3A00A9B6-E7EF-4DC3-B82C-8963BE5A7D76}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{3BA2DFAB-C6F4-482E-BC25-D1061A0DD517}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52765873-D49F-408B-8582-F319CF33F6CA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52BC9310-6B71-420B-A836-E91BE155F5BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{55D3DE3A-F2A1-4C5A-A3C8-A5F6F096338E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5FB1F5E6-7872-4AB9-9440-8384E5F2D3C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E502732-6B66-4B67-A60A-580986299F36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E761F1A-05F0-4AEA-9F0A-9F231F886464}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7F5EB351-42A8-484D-A5C6-49A700185939}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{842432AD-B2F3-40A7-A1F4-9072BD32F8F4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{858F099E-64FD-4170-8C2C-F4BB10F163DB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{89E2C6C6-9E6A-4F52-A9A5-6D68D333323C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8BD1DA5B-A64F-4957-A971-AA92AD064F96}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9EE68571-D4CB-45FF-9F08-3918941E66D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A26B4421-B675-47D1-BA5C-9B06670C1AE3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A63EA6EF-3430-474E-A331-40821FF8E489}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B57EEA43-C801-46FD-AF32-DC2A508BC3CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BB145CF9-7BA7-41F8-9E37-5F41EE7968C2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{BF9A4623-9450-468C-925B-778253F99CCF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C21ACC9A-AF0C-4232-97A1-21068E8A8472}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1316AFE-E8F3-4F57-AC21-4057598A8880}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D8272F7A-95E7-464A-A5F0-9D0A8404F23B}" = lport=10244 | protocol=6 | dir=in | app=system |
"{DDCF6EFE-C748-4627-9FD2-C2B9F4A46505}" = lport=10244 | protocol=6 | dir=in | app=system |
"{E1C22D9B-5177-4083-84F4-B3095E28471C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2A4E9FA-E5B4-46E0-9810-AA1CA674A0BA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4ADDFAC-95E0-4BD7-A69F-20426BA41C3B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E94E422F-CFCD-4482-BC16-6C0008D68528}" = lport=3390 | protocol=6 | dir=in | app=system |
"{EC080FFD-7561-4C44-8873-D3484ADC4DB2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5FB819D-2C87-4A8D-ADEE-AC350DD597D1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAEFB72E-610C-40B3-AC5B-33BB3375B812}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083BAF0D-810E-4E66-AEED-8907DE6E2624}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1789D1FA-A84A-42A4-A552-414F71E6F21C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{18D72C44-0A53-4449-AC87-487F1B77E3B2}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{1FDEC61A-C3B3-45A8-9011-AAF74E9A2DC4}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{2418A80F-2961-48B6-BA9B-72627102EA69}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{2D3D0BB0-025F-4E06-AD23-2113E9294A9D}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{341F5803-4B42-4BD8-B033-B2AE8C01B94D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3E9E06B9-D194-43F3-BB52-CD2C53DA22E4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{530B42A0-1820-4BF4-8FC1-C89272EC139E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{56E0D50E-3C5C-48A0-9DD1-8A99BF916238}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{57849F5F-9524-401B-8606-331B44BC624F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5856C73F-818E-4A5B-A64E-61C05E2EC4A8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5E266F92-0A3B-49DD-9C99-2588DA2531B4}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{6080A2E8-7BA2-4326-89C4-D4356F3C6860}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6154198B-B81D-4100-B852-96989831CF7D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{728D55CA-63CF-47F3-8E66-A12FAB49BFD0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{7FDBD24D-0082-4CAF-BB05-0A4E0CB6E5D4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{9597BAE6-9CBE-4D85-99DA-18E4C2956D78}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A242E042-68BA-40FA-B64A-298FE4DC7282}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A3F11FB8-1AC6-4896-81E3-185F59D5F7A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE871A7D-A08B-4B4E-9E2A-C0EEBAD0F50F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B9DFF1E9-4AF6-4279-9185-3BE032869DCA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDDD9460-6C53-4454-9A2F-9C41C9241DDC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C9BC4BA9-3EE7-462B-A8DA-3BEB1040DBE7}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D0479CB6-2DE6-4954-B4E1-E44102DB4928}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E878E801-B899-44A0-A38A-EE205FF6183D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3861186-4EFB-4F28-85EB-19CAB995FBFB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{FDAF0F54-9494-4AC1-873F-F460B7F3AA11}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{FDE498F0-F030-48AA-A9A5-2F07FB62C76C}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"TCP Query User{2E6FF742-8913-4976-B71B-AD2AB2C6C1B0}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{47FEE78D-085C-4749-9F71-A4BD0C558758}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{638EE790-7CF5-4A61-AFA8-FF70E99B8EC6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6535F786-A2B4-4DE2-B87C-9A3D37A081CE}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{85C6F183-0B8B-4013-89B5-FAB1E28EE31E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{86044997-1631-496B-8781-9F960770D107}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E45C1F5C-42AD-4986-862B-9515CAC9F136}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{6BEED879-D8A3-4F74-80DF-2888425BF7DA}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{7652957D-E727-42EC-BF20-0CB9F20EA5DE}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{95CB4C37-34A0-420E-9313-141901EACCAB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{999BB6CB-3849-4B19-AB8A-2496F1C5A19F}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{BF1C31E1-13FE-4D0A-BF34-5A93E6E364D2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{E06FE546-E115-43CC-8736-207C6CDDEE17}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{F398D69A-5E3B-4113-9E53-828AD0386542}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 16
"{26B914C5-5565-4C96-A40C-8E0228D6C457}" = WD SmartWare
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{2FDBDAE0-6FC9-CC7B-CAF4-C94434F9B4C0}" = TweetDeck
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39561278-78E9-4E0D-971F-0F13C7157BC8}" = Media Browser
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar Featuring Yahoo!
"{3FA00980-87FA-455C-A99B-2A95A2AF29F8}" = Norton Smartphone Security Documentation
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FFB3B34-D639-4384-9AE9-DDE58430D86F}" = MSCU for Microsoft Vista
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50681864-CDFD-4F11-9169-FD81A368E758}" = ESU for Microsoft Vista
"{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}" = Air Mouse Server
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A819E7-4146-B9EA-1292-C4A77F657B4E}" = eBay Desktop
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2FBA60-AF4A-11DD-AD8B-0800200C9A66}" = LiveUpload to YouTube
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9FE08B0-7804-43FF-8B90-04EEC285FFF6}" = Microsoft Office Live Add-in Patches
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOP" = Norton AddOn Pack
"BatteryBar" = BatteryBar (remove only)
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"Browser Defender_is1" = Browser Defender 2.0.6.11
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Free Audio Dub_is1" = Free Audio Dub version 1.3
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.3
"Free Studio_is1" = Free Studio version 4.2
"Free Video Converter_is1" = Free Video Converter V 1.0
"Free Video Dub_is1" = Free Video Dub version 1.4
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.1
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.1
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist Corporate
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Iconix eMail ID" = Iconix® eMail ID
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"N360" = Norton 360
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PUBLISHERR" = Microsoft Office Publisher 2007
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"Shrink Pic" = Shrink Pic (remove)
"SmartAudio" = SmartAudio
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2400098543-1109025889-639053156-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


I'll post the ComboFix logs next.
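A small triage script for the firewall-rule section of the OTL log above, added here as an illustration; it is not part of the original post, of OTL, or of any tool the thread mentions. It parses the `"name" = key=value | key=value | ... |` rendering OTL uses for values under `...\FirewallPolicy\FirewallRules`, keeps the inbound rules, and flags the ones a responder would check first: the `TCP Query User` / `UDP Query User` entries (created when someone clicked Allow on a firewall prompt), `app=system` rules bound to a specific local port, program rules with no protocol or port restriction, and programs that live outside Program Files or Windows. The sample lines are copied from the log above except the last, which is a constructed placeholder path; the trusted-prefix list and the triage rules are assumptions for the example, not a verdict on this machine.

```python
"""Triage of Windows Firewall rules as rendered by OTL (added example, not from the post)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL prints every value under
#   HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
# as:  "<rule name>" = key=value | key=value | ... |
LINE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

PROTOCOLS = {"6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Assumption for this example: programs here are treated as expected listeners.
SYSTEM_APPS = {"system", "%systemroot%\\system32\\svchost.exe"}
TRUSTED_PREFIXES = ("%systemroot%\\", "%programfiles%\\", "c:\\program files\\")


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str       # "in" or "out"
    protocol: str        # "TCP", "UDP", "ICMPv6", a raw number, or "any" when absent
    local_port: str      # "" when the rule is not port-specific
    app: str             # lower-cased program path, "" when the rule has none
    service: str         # svc= value, "" when absent
    user_approved: bool  # "TCP Query User{...}" / "UDP Query User{...}": a click-through prompt


def parse_rule(line: str) -> Optional[Rule]:
    """Turn one OTL firewall line into a Rule; None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    proto = fields.get("protocol", "any")
    return Rule(
        name=m.group("name"),
        direction=fields.get("dir", "").lower(),
        protocol=PROTOCOLS.get(proto, proto),
        local_port=fields.get("lport", ""),
        app=fields.get("app", "").lower(),
        service=fields.get("svc", ""),
        user_approved=" Query User{" in m.group("name"),
    )


def triage(rule: Rule) -> Optional[str]:
    """Reason to look at an inbound rule, or None when it looks routine."""
    if rule.direction != "in":
        return None
    if rule.user_approved:
        return "created by clicking Allow on a firewall prompt"
    if rule.app == "system" and rule.local_port:
        return f"kernel-mode listener on {rule.protocol}/{rule.local_port}"
    if rule.app and rule.app not in SYSTEM_APPS and not rule.app.startswith(TRUSTED_PREFIXES):
        return "program outside Program Files and Windows"
    if rule.app and rule.protocol == "any" and not rule.local_port:
        return "allows every protocol and port to the program"
    return None


def review_inbound(lines) -> List[Tuple[Rule, str]]:
    """Parse all lines and return (rule, reason) for the inbound rules worth checking."""
    findings = []
    for line in lines:
        rule = parse_rule(line)
        if rule is None:
            continue
        reason = triage(rule)
        if reason:
            findings.append((rule, reason))
    return findings


# Lines 0-6 are copied from the OTL log above; line 7 is a constructed placeholder
# (not from the log) to exercise the "outside Program Files" branch.
SAMPLE_LINES = [
    r'"{B57EEA43-C801-46FD-AF32-DC2A508BC3CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |',
    r'"{BB145CF9-7BA7-41F8-9E37-5F41EE7968C2}" = rport=10244 | protocol=6 | dir=out | app=system |',
    r'"{E94E422F-CFCD-4482-BC16-6C0008D68528}" = lport=3390 | protocol=6 | dir=in | app=system |',
    r'"{6154198B-B81D-4100-B852-96989831CF7D}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |',
    r'"{341F5803-4B42-4BD8-B033-B2AE8C01B94D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |',
    r'"TCP Query User{2E6FF742-8913-4976-B71B-AD2AB2C6C1B0}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |',
    r'"{18D72C44-0A53-4449-AC87-487F1B77E3B2}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |',
    r'"{00000000-0000-0000-0000-000000000000}" = protocol=6 | dir=in | app=c:\users\example\appdata\roaming\updater.exe |',
]

if __name__ == "__main__":
    for rule, reason in review_inbound(SAMPLE_LINES):
        target = rule.app or rule.name
        print(f"{rule.protocol:>6}/{rule.local_port or '*':<5} {target}: {reason}")
```

Run it against the whole "Vista Active Open Ports Exception List" and "Active Application Exception List" blocks by pasting those lines into `SAMPLE_LINES`; a flagged rule is only a prompt to check the program on disk, not evidence of infection on its own.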

#11 sundavis
  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 19 January 2010 - 10:56 PM

:( Still here, waiting.

#12 rob335
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male
  • Location:United Kingdom

Posted 20 January 2010 - 07:40 AM

I'll try to post it when I get home.

#13 rob335
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Male
  • Location:United Kingdom

Posted 20 January 2010 - 01:34 PM

ComboFix Log:

ComboFix 10-01-19.08 - Rob 20/01/2010 17:44:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1982.1100 [GMT 0:00]
Running from: c:\users\Rob\Desktop\combofix.exe
Command switches used :: /killall
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2400098543-1109025889-639053156-500
c:\$recycle.bin\S-1-5-21-3411221701-3325101154-959618156-500
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\programdata\ntuser.dat{3b7866c3-7cc3-11dd-bbf0-001b246749cf}.TMContainer00000000000000000001.regtrans-ms
c:\users\Rob\AppData\Roaming\inst.exe
c:\windows\system32\oem49.inf
c:\windows\system32\oem62.inf
c:\windows\system32\oem76.inf
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wfxhelp22.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 18:02 . 2010-01-20 18:11 -------- d-----w- c:\users\Rob\AppData\Local\temp
2010-01-17 12:20 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-17 12:20 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-06 11:56 . 2010-01-06 15:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 15:40 . 2010-01-03 15:40 -------- d-----w- c:\users\Rob\AppData\Local\Threat Expert
2010-01-01 14:06 . 2010-01-01 14:06 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-01-01 11:29 . 2010-01-01 11:29 -------- d-----w- c:\program files\CCleaner
2010-01-01 11:08 . 2010-01-01 11:08 103720 ----a-w- c:\users\Rob\GoToAssistDownloadHelper.exe
2009-12-31 13:51 . 2009-11-10 10:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-31 13:51 . 2009-11-10 10:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-31 13:51 . 2009-10-28 01:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-31 13:51 . 2008-11-26 12:08 131 ----a-w- c:\windows\IDB.zip
2009-12-31 13:51 . 2009-11-10 10:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-31 13:51 . 2009-11-10 10:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-31 13:45 . 2009-10-30 11:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-31 13:45 . 2009-10-30 11:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-12-31 13:43 . 2009-11-09 11:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-31 13:43 . 2009-10-06 16:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-31 13:41 . 2009-09-03 09:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-31 13:40 . 2009-12-31 13:53 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-31 13:40 . 2010-01-20 18:11 -------- d-----w- c:\program files\Spyware Doctor
2009-12-31 13:40 . 2009-12-31 13:40 -------- d-----w- c:\users\Rob\AppData\Roaming\PC Tools
2009-12-31 13:40 . 2009-12-31 13:40 -------- d-----w- c:\programdata\PC Tools
2009-12-30 18:25 . 2009-12-30 18:25 -------- d-----w- c:\programdata\WD_SmartWareCommon
2009-12-30 18:22 . 2009-12-30 18:22 -------- d-----w- c:\users\Rob\AppData\Local\Western_Digital
2009-12-30 18:21 . 2009-12-30 18:21 -------- d-----w- c:\users\Rob\AppData\Roaming\Western Digital
2009-12-30 18:21 . 2009-12-30 18:21 -------- d-----w- c:\programdata\Western Digital
2009-12-30 18:17 . 2009-12-30 18:17 -------- d-----w- c:\program files\Western Digital
2009-12-30 18:16 . 2009-12-30 18:16 -------- d-----w- c:\users\Rob\AppData\Local\Western Digital
2009-12-30 13:11 . 2009-12-30 13:11 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes
2009-12-30 13:11 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:11 . 2009-12-30 13:11 -------- d-----w- c:\programdata\Malwarebytes
2009-12-30 13:11 . 2010-01-18 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 13:11 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 09:44 . 2009-12-27 09:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 18:14 . 2007-12-26 09:49 -------- d-----w- c:\programdata\Kontiki
2010-01-20 18:04 . 2007-12-08 09:01 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-20 17:32 . 2009-02-09 21:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-20 16:54 . 2008-06-28 10:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 19:40 . 2008-08-25 17:31 -------- d-----w- c:\programdata\Google Updater
2010-01-18 20:22 . 2010-01-18 20:22 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-18 19:19 . 2009-07-21 20:21 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-18 19:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 17:33 . 2009-08-26 12:47 -------- d-----w- c:\users\Rob\AppData\Roaming\FileZilla
2010-01-08 17:28 . 2009-08-26 12:57 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-06 12:56 . 2008-12-27 14:24 100701 ----a-w- c:\programdata\nvModes.dat
2010-01-03 15:11 . 2008-03-10 19:12 1356 ----a-w- c:\users\Rob\AppData\Local\d3d9caps.dat
2010-01-02 08:58 . 2009-10-23 11:20 -------- d-----w- c:\users\Rob\AppData\Roaming\Dropbox
2010-01-01 12:41 . 2008-04-26 09:08 -------- d-----w- c:\users\Rob\AppData\Roaming\Printer Info Cache
2010-01-01 12:21 . 2008-03-29 09:57 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-31 15:44 . 2008-11-09 14:33 -------- d-----w- c:\programdata\HP Product Assistant
2009-12-31 15:44 . 2007-12-07 14:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-31 15:44 . 2009-02-26 20:35 -------- d-----w- c:\program files\Safari
2009-12-31 15:44 . 2009-09-24 17:21 -------- d-----w- c:\program files\BatteryBar
2009-12-31 15:44 . 2007-06-08 02:09 -------- d-----w- c:\program files\Microsoft Works
2009-12-30 17:07 . 2008-04-26 09:08 -------- d-----w- c:\users\Rob\AppData\Roaming\Image Zone Express
2009-12-30 08:40 . 2009-09-24 17:21 -------- d-----w- c:\users\Rob\AppData\Roaming\BatteryBar
2009-12-28 09:43 . 2009-12-28 09:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-27 09:48 . 2009-12-27 09:48 52224 ----a-w- c:\users\Rob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-27 09:48 . 2009-12-27 09:48 117760 ----a-w- c:\users\Rob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-19 13:54 . 2009-12-19 13:54 -------- d-----w- c:\program files\MSECache
2009-12-18 22:00 . 2009-12-18 22:00 -------- d-----w- c:\programdata\WindowsSearch
2009-12-18 20:48 . 2009-12-18 20:48 -------- d-----w- c:\programdata\NimiVisuals
2009-12-18 14:34 . 2009-12-18 14:12 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-12 14:38 . 2009-12-10 16:57 -------- d-----w- c:\programdata\VMware
2009-12-10 21:02 . 2007-06-08 02:10 -------- d-----w- c:\programdata\Microsoft Help
2009-12-10 09:00 . 2010-01-20 17:10 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.051\CCERASER.DLL
2009-12-10 09:00 . 2010-01-17 11:58 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\CCERASER.DLL
2009-12-09 17:55 . 2009-12-06 11:12 -------- d-----w- c:\programdata\MediaBrowser
2009-12-09 17:43 . 2009-01-23 20:40 -------- d-----w- c:\program files\Opera
2009-12-08 14:52 . 2009-12-08 14:52 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-06 16:45 . 2008-08-04 15:54 -------- d-----w- c:\program files\Sun
2009-12-06 12:23 . 2009-12-06 12:23 -------- d-----w- c:\program files\ffdshow
2009-12-06 11:25 . 2009-12-06 11:25 1753088 ----a-w- c:\programdata\MediaBrowser\Plugins\mediainfo\mediainfo.dll
2009-12-06 11:23 . 2009-12-06 11:23 161280 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\swscale-0.dll
2009-12-06 11:23 . 2009-12-06 11:23 3018752 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\avcodec-51.dll
2009-12-06 11:23 . 2009-12-06 11:23 78848 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\mtn.exe
2009-12-06 11:23 . 2009-12-06 11:23 765952 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\bgd.dll
2009-12-06 11:23 . 2009-12-06 11:23 58880 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\avutil-49.dll
2009-12-06 11:23 . 2009-12-06 11:23 4608 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\avdevice-52.dll
2009-12-06 11:23 . 2009-12-06 11:23 435200 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\avformat-52.dll
2009-12-06 11:23 . 2009-12-06 11:23 2041856 ----a-w- c:\programdata\MediaBrowser\Plugins\MtnFrameGrabProvider.dll
2009-12-06 11:22 . 2009-12-06 11:18 1721344 ----a-w- c:\programdata\MediaBrowser\Plugins\MediaInfoProvider.dll
2009-12-06 11:21 . 2009-12-06 11:21 70656 ----a-w- c:\programdata\MediaBrowser\Plugins\DvrmsMetadataProvider.dll
2009-12-06 11:17 . 2009-12-06 11:17 12288 ----a-w- c:\programdata\MediaBrowser\Plugins\FilmTrailerPlugin.dll
2009-12-06 11:17 . 2009-12-06 11:17 10240 ----a-w- c:\programdata\MediaBrowser\Plugins\ITunesTrailers.dll
2009-12-06 11:11 . 2009-12-06 11:11 -------- d-----w- c:\program files\MediaBrowser
2009-12-03 19:45 . 2009-04-26 13:06 -------- d-----w- c:\program files\Common Files\Real
2009-11-30 12:27 . 2009-12-06 16:38 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-11-30 12:27 . 2009-12-06 16:32 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-11-30 12:27 . 2009-11-30 12:27 100048 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-11-29 20:40 . 2008-01-08 19:59 -------- d-----w- c:\program files\Windows Live
2009-11-29 20:35 . 2009-11-29 20:35 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-25 21:16 . 2007-12-30 12:12 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-22 16:54 . 2009-04-01 19:04 -------- d-----w- c:\users\Rob\AppData\Roaming\Spotify
2009-11-21 06:40 . 2009-12-10 19:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 19:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 19:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 19:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 11:48 . 2009-11-29 09:53 872960 ----a-w- c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 11:48 . 2009-11-29 09:53 43008 ----a-w- c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 11:48 . 2009-11-29 09:53 340480 ----a-w- c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 11:48 . 2009-11-29 09:53 346624 ----a-w- c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-12 18:19 . 2009-11-12 18:19 46 ----a-w- c:\windows\system32\DonationCoder_desktopcoral_InstallInfo.dat
2009-11-12 18:19 . 2009-11-12 18:19 46 ----a-w- c:\users\Rob\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
2009-11-09 12:31 . 2009-12-12 16:59 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-12 16:58 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-12 16:58 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 20:42 . 2009-11-01 17:15 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 11:43 . 2009-11-01 11:43 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb51DA.tmp.exe
2009-10-30 09:46 . 2009-10-30 09:46 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 09:17 . 2009-11-25 21:46 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 23:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-31 21:47 . 2009-02-09 19:18 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-03 198160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-03 136744]

c:\users\Mum and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-11 805392]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-9-4 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-9-4 8975680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSearchFilesInStartMenu"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-01 11:08 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Shrink Pic.lnk]
backup=c:\windows\pss\Shrink Pic.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(B):ff,c3,6f,6e,47,0a,ca,01

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [31/12/2009 13:43 207792]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/09/2009 14:24 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/09/2009 14:24 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/09/2009 14:24 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys [20/01/2010 17:10 343088]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [31/12/2009 13:51 112592]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [01/08/2008 11:53 282968]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/09/2009 14:22 117640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/01/2010 11:56 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [31/12/2009 13:40 359624]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [04/09/2009 15:22 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/08/2009 08:00 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/09/2009 14:24 48688]
S2 gupdate1c9d4d15cffcc03;Google Update Service (gupdate1c9d4d15cffcc03);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 20:19 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [01/03/2008 14:51 84832]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/07/2008 08:12 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [29/11/2009 20:41 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [29/05/2009 12:36 17408]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [30/11/2009 12:27 100048]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13/02/2009 12:02 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" --> c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10/07/2008 01:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS --> c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-07 18:42]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 20:19]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 20:19]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2400098543-1109025889-639053156-1000Core.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-03 19:32]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2400098543-1109025889-639053156-1000UA.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-03 19:32]

2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{085998C7-F81B-4EB7-AD2C-B831EF19DD67}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]

2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{72A04D72-B6CB-4BE2-A8D5-E377AE5F9093}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Subscribe with ArchosLink
IE: E&xport to Microsoft Excel
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - hxxps://www.coolroom.com/ActiveX/ax.dll
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - hxxp://tiga.socialgo.com/application/external/dist/OzDesktopImporter.cab
FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|http://forums.x10hosting.com
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Rob\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\kb127\SearchSettings.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\Search Settings\kb127\SearchSettings.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-Mail - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 7.0\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 7.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton 360\AddOns\Norton AddOn Pack\Engine\3.7.0.23\ccProxy.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DllHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\Bubbles.scr
c:\users\Rob\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2010-01-20 18:21:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-20 18:20

Pre-Run: 34,210,414,592 bytes free
Post-Run: 35,195,449,344 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - FB0DC11CED2DA1FFEB619C5186399FD0

Edited by rob335, 20 January 2010 - 01:35 PM.


#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:43 PM

Posted 20 January 2010 - 02:09 PM

Hi rob335,



Step1
  • Close any open browsers
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

DDS::
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {4E7BD74F-2B8D-469E-95BA-ED6DB186BE32} - No File
TB: {00000000-0000-0000-0000-000000000000} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step2


Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 18...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any entry with Java Runtime Environment (JRE or J2SE) in the name, and the following updates:

    Java™ 6 Update 16
    Java™ SE Runtime Environment 6
    Java™ 6 Update 3
    Java™ 6 Update 5
    Java™ 6 Update 7

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.
  • After that, please clear your Java cache as instructed in this thread.


Step3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use the Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application's digital signature has been verified. Do you want to run the application?" appears, click the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under the Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, click on View Scan Report.
  • You may see a list of infected items there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation.
Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.

1. ComboFix log
2. Kaspersky Online Scan Report

Tell me how things are going now.
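
As an added example (not part of this thread, and not ComboFix's or the helper's own code), the Python script below shows what the Registry:: section of the CFScript above is correcting. It parses REGEDIT4-style blocks like those in the ComboFix "Reg Loading Points" output, flags every Security Center Monitoring key whose DisableMonitoring value is set to 1 (a setting that stops Windows Security Center from reporting on the named antivirus or firewall, so a disabled product goes unnoticed), and generates the matching Registry:: lines that reset them to 0. The sample log text is constructed from the key names quoted in this thread, and the function names are my own.

```python
import re
from collections import OrderedDict

# Constructed sample input, modelled on the "Reg Loading Points" entries
# quoted in this thread (not copied verbatim from any one log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(B):ff,c3,6f,6e,47,0a,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 2 (0x2)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)\s*$')


def parse_reg_blocks(text):
    """Parse REGEDIT4-style blocks into {key_path: {value_name: raw_value}}.

    Key order is preserved so any generated script lists keys in log order.
    Lines that are neither a [key] header nor a "name"=value pair are skipped.
    """
    blocks = OrderedDict()
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            blocks.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            blocks[current][m.group(1)] = m.group(2)
    return blocks


def dword_value(raw):
    """Return the integer of a 'dword:XXXXXXXX' value, or None for other types."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return None


def find_disabled_monitoring(blocks):
    """Return the keys under 'security center\\Monitoring' whose
    DisableMonitoring value is 1, i.e. products Security Center is told
    not to report on."""
    flagged = []
    for key, values in blocks.items():
        if r"security center\monitoring" not in key.lower():
            continue
        if dword_value(values.get("DisableMonitoring", "")) == 1:
            flagged.append(key)
    return flagged


def build_registry_fix(keys):
    """Emit a CFScript 'Registry::' section resetting each flagged key to 0,
    in the same shape as the helper's script in this thread."""
    lines = ["Registry::"]
    for key in keys:
        lines.append("[%s]" % key)
        lines.append('"DisableMonitoring"=dword:00000000')
        lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = find_disabled_monitoring(parse_reg_blocks(SAMPLE_LOG))
    print(build_registry_fix(flagged))
```

Run against a real ComboFix.txt, the same parser also lets you check the other loading points in the log (for instance the policies\system block above is kept with its raw value so EnableLUA can be inspected), without hand-reading hundreds of lines.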

#15 rob335

rob335
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:06:43 PM

Posted 20 January 2010 - 03:58 PM

ComboFix Log:

ComboFix 10-01-19.08 - Rob 20/01/2010 20:34:46.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1982.930 [GMT 0:00]
Running from: c:\users\Rob\Desktop\ComboFix.exe
Command switches used :: c:\users\Rob\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 20:49 . 2010-01-20 20:49 -------- d-----w- c:\users\Rob\AppData\Local\temp
2010-01-20 20:49 . 2010-01-20 20:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-20 20:49 . 2010-01-20 20:49 -------- d-----w- c:\users\Mum and Dad\AppData\Local\temp
2010-01-20 20:49 . 2010-01-20 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-18 20:22 . 2010-01-18 20:22 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-17 12:20 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-17 12:20 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-06 11:56 . 2010-01-06 15:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-03 15:40 . 2010-01-03 15:40 -------- d-----w- c:\users\Rob\AppData\Local\Threat Expert
2010-01-01 14:06 . 2010-01-01 14:06 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-01-01 11:29 . 2010-01-01 11:29 -------- d-----w- c:\program files\CCleaner
2010-01-01 11:08 . 2010-01-01 11:08 103720 ----a-w- c:\users\Rob\GoToAssistDownloadHelper.exe
2009-12-31 13:51 . 2009-11-10 10:26 767952 ----a-w- c:\windows\BDTSupport.dll
2009-12-31 13:51 . 2009-11-10 10:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-12-31 13:51 . 2009-10-28 01:36 1152444 ----a-w- c:\windows\UDB.zip
2009-12-31 13:51 . 2008-11-26 12:08 131 ----a-w- c:\windows\IDB.zip
2009-12-31 13:51 . 2009-11-10 10:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-12-31 13:51 . 2009-11-10 10:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2009-12-31 13:45 . 2009-10-30 11:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-31 13:45 . 2009-10-30 11:09 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-12-31 13:43 . 2009-11-09 11:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-31 13:43 . 2009-10-06 16:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-31 13:41 . 2009-09-03 09:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-31 13:40 . 2009-12-31 13:53 -------- d-----w- c:\program files\Common Files\PC Tools
2009-12-31 13:40 . 2010-01-20 20:41 -------- d-----w- c:\program files\Spyware Doctor
2009-12-31 13:40 . 2009-12-31 13:40 -------- d-----w- c:\users\Rob\AppData\Roaming\PC Tools
2009-12-31 13:40 . 2009-12-31 13:40 -------- d-----w- c:\programdata\PC Tools
2009-12-30 18:25 . 2009-12-30 18:25 -------- d-----w- c:\programdata\WD_SmartWareCommon
2009-12-30 18:22 . 2009-12-30 18:22 -------- d-----w- c:\users\Rob\AppData\Local\Western_Digital
2009-12-30 18:21 . 2009-12-30 18:21 -------- d-----w- c:\users\Rob\AppData\Roaming\Western Digital
2009-12-30 18:21 . 2009-12-30 18:21 -------- d-----w- c:\programdata\Western Digital
2009-12-30 18:17 . 2009-12-30 18:17 -------- d-----w- c:\program files\Western Digital
2009-12-30 18:16 . 2009-12-30 18:16 -------- d-----w- c:\users\Rob\AppData\Local\Western Digital
2009-12-30 13:11 . 2009-12-30 13:11 -------- d-----w- c:\users\Rob\AppData\Roaming\Malwarebytes
2009-12-30 13:11 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:11 . 2009-12-30 13:11 -------- d-----w- c:\programdata\Malwarebytes
2009-12-30 13:11 . 2010-01-18 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 13:11 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-28 09:43 . 2009-12-28 09:43 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-12-27 09:48 . 2009-12-27 09:48 52224 ----a-w- c:\users\Rob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-27 09:48 . 2009-12-27 09:48 117760 ----a-w- c:\users\Rob\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-27 09:44 . 2009-12-27 09:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:50 . 2007-12-26 09:49 -------- d-----w- c:\programdata\Kontiki
2010-01-20 20:41 . 2008-08-25 17:31 -------- d-----w- c:\programdata\Google Updater
2010-01-20 18:04 . 2007-12-08 09:01 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-20 17:32 . 2009-02-09 21:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-20 16:54 . 2008-06-28 10:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 19:19 . 2009-07-21 20:21 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-18 19:12 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 17:33 . 2009-08-26 12:47 -------- d-----w- c:\users\Rob\AppData\Roaming\FileZilla
2010-01-08 17:28 . 2009-08-26 12:57 -------- d-----w- c:\program files\FileZilla FTP Client
2010-01-06 12:56 . 2008-12-27 14:24 100701 ----a-w- c:\programdata\nvModes.dat
2010-01-03 15:11 . 2008-03-10 19:12 1356 ----a-w- c:\users\Rob\AppData\Local\d3d9caps.dat
2010-01-02 08:58 . 2009-10-23 11:20 -------- d-----w- c:\users\Rob\AppData\Roaming\Dropbox
2010-01-01 12:41 . 2008-04-26 09:08 -------- d-----w- c:\users\Rob\AppData\Roaming\Printer Info Cache
2010-01-01 12:21 . 2008-03-29 09:57 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-31 15:44 . 2008-11-09 14:33 -------- d-----w- c:\programdata\HP Product Assistant
2009-12-31 15:44 . 2007-12-07 14:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-31 15:44 . 2009-02-26 20:35 -------- d-----w- c:\program files\Safari
2009-12-31 15:44 . 2009-09-24 17:21 -------- d-----w- c:\program files\BatteryBar
2009-12-31 15:44 . 2007-06-08 02:09 -------- d-----w- c:\program files\Microsoft Works
2009-12-30 17:07 . 2008-04-26 09:08 -------- d-----w- c:\users\Rob\AppData\Roaming\Image Zone Express
2009-12-30 08:40 . 2009-09-24 17:21 -------- d-----w- c:\users\Rob\AppData\Roaming\BatteryBar
2009-12-19 13:54 . 2009-12-19 13:54 -------- d-----w- c:\program files\MSECache
2009-12-18 22:00 . 2009-12-18 22:00 -------- d-----w- c:\programdata\WindowsSearch
2009-12-18 20:48 . 2009-12-18 20:48 -------- d-----w- c:\programdata\NimiVisuals
2009-12-18 14:34 . 2009-12-18 14:12 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-12 14:38 . 2009-12-10 16:57 -------- d-----w- c:\programdata\VMware
2009-12-10 21:02 . 2007-06-08 02:10 -------- d-----w- c:\programdata\Microsoft Help
2009-12-10 09:00 . 2010-01-20 17:10 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100119.051\CCERASER.DLL
2009-12-10 09:00 . 2010-01-17 11:58 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100116.021\CCERASER.DLL
2009-12-09 17:55 . 2009-12-06 11:12 -------- d-----w- c:\programdata\MediaBrowser
2009-12-09 17:43 . 2009-01-23 20:40 -------- d-----w- c:\program files\Opera
2009-12-08 14:52 . 2009-12-08 14:52 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-06 16:45 . 2008-08-04 15:54 -------- d-----w- c:\program files\Sun
2009-12-06 12:23 . 2009-12-06 12:23 -------- d-----w- c:\program files\ffdshow
2009-12-06 11:25 . 2009-12-06 11:25 1753088 ----a-w- c:\programdata\MediaBrowser\Plugins\mediainfo\mediainfo.dll
2009-12-06 11:23 . 2009-12-06 11:23 161280 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\swscale-0.dll
2009-12-06 11:23 . 2009-12-06 11:23 3018752 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\avcodec-51.dll
2009-12-06 11:23 . 2009-12-06 11:23 78848 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\mtn.exe
2009-12-06 11:23 . 2009-12-06 11:23 765952 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\bgd.dll
2009-12-06 11:23 . 2009-12-06 11:23 58880 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\avutil-49.dll
2009-12-06 11:23 . 2009-12-06 11:23 4608 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\avdevice-52.dll
2009-12-06 11:23 . 2009-12-06 11:23 435200 ----a-w- c:\programdata\MediaBrowser\Plugins\mtn\avformat-52.dll
2009-12-06 11:23 . 2009-12-06 11:23 2041856 ----a-w- c:\programdata\MediaBrowser\Plugins\MtnFrameGrabProvider.dll
2009-12-06 11:22 . 2009-12-06 11:18 1721344 ----a-w- c:\programdata\MediaBrowser\Plugins\MediaInfoProvider.dll
2009-12-06 11:21 . 2009-12-06 11:21 70656 ----a-w- c:\programdata\MediaBrowser\Plugins\DvrmsMetadataProvider.dll
2009-12-06 11:17 . 2009-12-06 11:17 12288 ----a-w- c:\programdata\MediaBrowser\Plugins\FilmTrailerPlugin.dll
2009-12-06 11:17 . 2009-12-06 11:17 10240 ----a-w- c:\programdata\MediaBrowser\Plugins\ITunesTrailers.dll
2009-12-06 11:11 . 2009-12-06 11:11 -------- d-----w- c:\program files\MediaBrowser
2009-12-03 19:45 . 2009-04-26 13:06 -------- d-----w- c:\program files\Common Files\Real
2009-11-30 12:27 . 2009-12-06 16:38 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-11-30 12:27 . 2009-12-06 16:32 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-11-30 12:27 . 2009-11-30 12:27 100048 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-11-29 20:40 . 2008-01-08 19:59 -------- d-----w- c:\program files\Windows Live
2009-11-29 20:35 . 2009-11-29 20:35 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-25 21:16 . 2007-12-30 12:12 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-11-22 16:54 . 2009-04-01 19:04 -------- d-----w- c:\users\Rob\AppData\Roaming\Spotify
2009-11-21 06:40 . 2009-12-10 19:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 19:54 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-10 19:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-10 19:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-19 11:48 . 2009-11-29 09:53 872960 ----a-w- c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 11:48 . 2009-11-29 09:53 43008 ----a-w- c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 11:48 . 2009-11-29 09:53 340480 ----a-w- c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 11:48 . 2009-11-29 09:53 346624 ----a-w- c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-12 18:19 . 2009-11-12 18:19 46 ----a-w- c:\windows\system32\DonationCoder_desktopcoral_InstallInfo.dat
2009-11-12 18:19 . 2009-11-12 18:19 46 ----a-w- c:\users\Rob\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
2009-11-09 12:31 . 2009-12-12 16:59 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-12 16:58 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-12 16:58 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-02 20:42 . 2009-11-01 17:15 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 11:43 . 2009-11-01 11:43 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb51DA.tmp.exe
2009-10-30 09:46 . 2009-10-30 09:46 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 09:17 . 2009-11-25 21:46 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 23:08 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-03-31 21:47 . 2009-02-09 19:18 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-03 198160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2009-12-03 136744]

c:\users\Mum and Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-8-11 805392]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-9-4 2049344]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-9-4 8975680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSearchFilesInStartMenu"= 1 (0x1)
"NoThumbnailCache"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-01-01 11:08 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Shrink Pic.lnk]
backup=c:\windows\pss\Shrink Pic.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ff,c3,6f,6e,47,0a,ca,01

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [31/12/2009 13:43 207792]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [12/09/2009 14:24 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [12/09/2009 14:24 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [12/09/2009 14:24 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100119.001\IDSvix86.sys [20/01/2010 17:10 343088]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [31/12/2009 13:51 112592]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [01/08/2008 11:53 282968]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [12/09/2009 14:22 117640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/01/2010 11:56 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [31/12/2009 13:40 359624]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [04/09/2009 15:22 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 09:58 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26/08/2009 08:00 102448]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [12/09/2009 14:24 48688]
S2 gupdate1c9d4d15cffcc03;Google Update Service (gupdate1c9d4d15cffcc03);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 20:19 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [01/03/2008 14:51 84832]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/07/2008 08:12 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [29/11/2009 20:41 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [29/05/2009 12:36 17408]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [30/11/2009 12:27 100048]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13/02/2009 12:02 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" --> c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [?]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [10/07/2008 01:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS --> c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-07 18:42]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 20:19]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 20:19]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2400098543-1109025889-639053156-1000Core.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-03 19:32]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2400098543-1109025889-639053156-1000UA.job
- c:\users\Rob\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-03 19:32]

2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{085998C7-F81B-4EB7-AD2C-B831EF19DD67}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]

2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{72A04D72-B6CB-4BE2-A8D5-E377AE5F9093}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Subscribe with ArchosLink
IE: E&xport to Microsoft Excel
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
DPF: {678940D3-080C-4FCE-A54D-D443E1177F01} - hxxps://www.coolroom.com/ActiveX/ax.dll
DPF: {C42B23DF-334C-4AD0-9AB4-91FF53D04239} - hxxp://tiga.socialgo.com/application/external/dist/OzDesktopImporter.cab
FF - ProfilePath - c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|http://forums.x10hosting.com
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\Rob\AppData\Roaming\Mozilla\Firefox\Profiles\lfu48u3r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 20:49
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 7.0\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 7.0\my.ini\" MySQL"
.
Completion time: 2010-01-20 20:56:13
ComboFix-quarantined-files.txt 2010-01-20 20:56
ComboFix2.txt 2010-01-20 18:21

Pre-Run: 34,837,098,496 bytes free
Post-Run: 34,786,705,408 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 1CED9481FDA998C800AFA7EC2EDAAF40
