Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to install security programs


  • This topic is locked This topic is locked
28 replies to this topic

#1 LaCritique

LaCritique

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 17 February 2010 - 09:56 PM

Hi all,
Had some problems with installing programs at the moment, I'm trying to keep on top of my system being clean and all. At present I cannot install any of the following for example Ad-Aware, Spybot, Housecall, CWS Shredder (updater) etc which worries me. Whenever I try installing programs I generally get messages stating: 'FILE CORRUPT' in the case of spybot it won't let me install the core component spybot files during midway through its installation. Did a combofix earlier on which has settled nothing but alas I am informed on the rules not to post about that so here are my details:

Defogger done.


DDS (Ver_09-12-01.01) - NTFSx86
Run by John Paul at 2:30:42.51 on 18/02/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1658 [GMT 0:00]

SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\John Paul\Desktop\gmer\gmer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\John Paul\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\johnpa~1\appdata\roaming\mozilla\firefox\profiles\zhf14hga.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\john paul\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-12 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-3-2 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-3-2 29520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-12 56816]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-17 1153368]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]
S3 F;F;c:\users\johnpa~1\appdata\local\temp\f.exe --> c:\users\johnpa~1\appdata\local\temp\F.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-5-3 13224]
S3 VBLEXWFEHIZVZ;VBLEXWFEHIZVZ;c:\users\johnpa~1\appdata\local\temp\vblexwfehizvz.exe --> c:\users\johnpa~1\appdata\local\temp\VBLEXWFEHIZVZ.exe [?]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-26 193840]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-26 365952]

=============== Created Last 30 ================

2010-02-18 02:09:05 204 ----a-w- c:\users\john paul\defogger_reenable
2010-02-18 01:56:24 0 d-sh--w- C:\$RECYCLE.BIN
2010-02-18 01:30:54 77312 ----a-w- c:\windows\MBR.exe
2010-02-18 01:30:53 98816 ----a-w- c:\windows\sed.exe
2010-02-18 01:30:53 261632 ----a-w- c:\windows\PEV.exe
2010-02-18 01:30:53 161792 ----a-w- c:\windows\SWREG.exe
2010-02-18 00:29:22 120709304 ----a-w- c:\windows\system32\DNTQ
2010-02-18 00:09:42 0 d-----w- c:\program files\Trend Micro
2010-02-17 23:09:42 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-17 23:08:42 0 d-----w- c:\users\johnpa~1\appdata\roaming\SUPERAntiSpyware.com
2010-02-17 23:08:42 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-17 22:47:05 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-17 22:47:05 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-13 21:06:43 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-02-13 21:05:07 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 21:05:07 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-13 14:18:51 0 d-----w- c:\users\johnpa~1\appdata\roaming\Malwarebytes
2010-02-13 14:18:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 14:18:13 0 d-----w- c:\programdata\Malwarebytes
2010-02-13 14:18:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 14:18:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 03:10:11 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-13 03:10:10 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-13 03:10:04 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-13 03:10:04 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-13 03:09:33 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-13 03:09:32 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-13 03:09:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-13 03:09:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-13 03:09:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-13 03:09:32 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-13 03:09:31 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-13 03:09:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-13 03:09:31 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-13 03:08:52 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-13 03:08:52 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 19:09:47 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2010-02-10 19:08:25 0 d-----w- c:\programdata\Affinegy
2010-02-10 19:08:25 0 d-----w- c:\program files\Virgin Broadband Wireless
2010-02-06 22:29:41 0 d-----w- c:\programdata\Trusteer
2010-02-06 21:52:10 0 d-----w- c:\program files\iPod

==================== Find3M ====================

2010-02-18 02:11:33 161159 ----a-w- c:\programdata\nvModes.dat
2010-02-16 00:02:11 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-13 21:08:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-13 21:08:15 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-06 22:40:39 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-06 22:40:39 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-06 22:40:39 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 23:09:52 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-30 22:54:31 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-30 22:29:49 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-04-26 01:39:21 2 --shatr- c:\windows\winstart.bat
2009-10-17 12:00:42 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-18 18:17:53 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-10-26 10:07:17 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 2:31:24.30 ===============


If you want a HJT!log etc then let me know what else I can do. Thanks alot in advance.
JLC

Attached Files



BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 20 February 2010 - 01:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 LaCritique

LaCritique
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 20 February 2010 - 02:23 PM

OTL logfile created on: 20/02/2010 18:57:47 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\John Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.27 Gb Total Space | 53.32 Gb Free Space | 23.99% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.79 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEANLACRITIQUE
Current User Name: John Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/20 18:56:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\John Paul\Desktop\OTL.exe
PRC - [2010/02/20 01:11:51 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/02/06 22:40:28 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/02/06 22:40:25 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/01/22 19:16:42 | 000,141,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 21:39:51 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/10/11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/07/23 15:39:04 | 000,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 06:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/30 11:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/08/01 23:14:02 | 000,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PRC - [2008/06/09 18:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2008/04/17 18:05:20 | 000,103,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/04/17 18:05:10 | 001,049,896 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/01/21 02:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/10/17 23:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (SafeList) ==========

MOD - [2010/02/20 18:56:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\John Paul\Desktop\OTL.exe
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (VBLEXWFEHIZVZ)
SRV - File not found [On_Demand | Stopped] -- -- (F)
SRV - [2010/02/06 22:40:25 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/11/29 15:50:41 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/11 21:39:51 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/23 15:39:04 | 000,211,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/09 14:56:48 | 000,094,208 | ---- | M] (Hewlett-Packard) [Disabled | Stopped] -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2008/10/06 16:54:52 | 000,365,952 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/30 11:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/06/09 18:21:58 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/05/01 23:25:56 | 000,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2008/04/03 18:33:26 | 000,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
SRV - [2008/02/03 19:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/17 23:37:04 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/05/28 16:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/02 12:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 21:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 10:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/02/18 22:34:46 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 22:34:46 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/18 22:34:46 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/06 22:40:50 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect)
DRV - [2010/02/06 22:40:39 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/02/06 22:40:39 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/12/30 23:09:52 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/09/05 16:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/28 18:42:52 | 000,040,448 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/08/21 20:24:04 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/19 16:21:49 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/03 22:05:15 | 000,024,616 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/05/03 22:05:15 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/04/30 22:03:08 | 006,754,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC)
DRV - [2009/04/30 22:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/03/30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/26 07:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/02/17 19:56:16 | 000,039,488 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Pcouffin.sys -- (Pcouffin)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/26 10:07:16 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/10/26 10:07:16 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/10/26 10:07:16 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/16 03:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/04/24 22:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/04/17 18:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/21 02:23:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/11/01 01:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 01:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/11/01 01:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 23:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/25 08:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 08:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 08:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 08:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 08:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 08:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 08:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 06:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/18 22:26:58 | 000,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/03/18 02:24:59 | 000,026,844 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2005/11/24 11:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-309953292-3820396624-3086073273-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-309953292-3820396624-3086073273-1000\S-1-5-21-309953292-3820396624-3086073273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-309953292-3820396624-3086073273-1000\S-1-5-21-309953292-3820396624-3086073273-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bleepingcomputer.com/forums/t/296615/unable-to-install-security-programs/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.2
FF - prefs.js..extensions.enabledItems: fabtab@captaincaveman.nl:1.3.4.1
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.6.2
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: scrapbookplus@addons.mozilla.org:1.7.17.29
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/20 01:11:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/20 01:11:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/02/06 21:47:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/02/06 21:47:52 | 000,000,000 | ---D | M]

[2009/11/29 01:15:18 | 000,000,000 | ---D | M] -- C:\Users\John Paul\AppData\Roaming\Mozilla\Extensions
[2009/11/29 01:15:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Paul\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/02/19 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions
[2010/02/06 22:45:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/07/01 13:46:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/02/16 00:36:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/12 16:41:18 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/11/28 21:32:52 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/01/22 22:49:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/16 00:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/01/22 22:49:15 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/12/30 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\fabtab@captaincaveman.nl
[2010/02/13 17:32:22 | 000,000,000 | ---D | M] -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\facepad@lazyrussian.com
[2010/01/22 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\personas@christopher.beard
[2010/02/18 00:08:44 | 000,000,000 | ---D | M] -- C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\extensions\scrapbookplus@addons.mozilla.org
[2009/11/29 01:15:18 | 000,000,000 | ---D | M] -- C:\Users\John Paul\AppData\Roaming\Mozilla\SeaMonkey\Profiles\8lyyf387.default\extensions
[2010/02/19 23:14:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/06/24 12:14:16 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/06/24 12:14:16 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/06/24 12:14:16 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/06/24 12:14:16 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-309953292-3820396624-3086073273-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-309953292-3820396624-3086073273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-309953292-3820396624-3086073273-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Windows\ACD Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 02:34:27 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/20 18:56:31 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\John Paul\Desktop\OTL.exe
[2010/02/20 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/02/20 18:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/02/20 00:51:15 | 000,000,000 | ---D | C] -- C:\Users\John Paul\DoctorWeb
[2010/02/19 00:20:36 | 000,000,000 | ---D | C] -- C:\Users\John Paul\Desktop\Spyware tools
[2010/02/18 18:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2010/02/18 01:56:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/02/18 01:56:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/02/18 01:56:19 | 000,000,000 | ---D | C] -- C:\Users\John Paul\AppData\Local\temp
[2010/02/18 01:30:54 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/02/18 01:30:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/02/18 01:30:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/02/18 01:30:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/02/18 01:26:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/18 01:26:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/02/18 01:26:26 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/02/18 00:09:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/17 23:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/02/17 23:08:42 | 000,000,000 | ---D | C] -- C:\Users\John Paul\AppData\Roaming\SUPERAntiSpyware.com
[2010/02/17 23:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/17 22:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/13 21:06:43 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/02/13 21:05:07 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/13 21:05:07 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/13 14:18:51 | 000,000,000 | ---D | C] -- C:\Users\John Paul\AppData\Roaming\Malwarebytes
[2010/02/13 14:18:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/02/13 14:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/13 14:18:02 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/02/13 14:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/13 03:09:33 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/13 03:09:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/13 03:09:31 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/13 03:09:31 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/10 19:09:47 | 000,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Windows\System32\drivers\AFGSp50.sys
[2010/02/10 19:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Broadband Wireless
[2010/02/10 19:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
[2010/02/07 00:11:24 | 000,000,000 | ---D | C] -- C:\Users\John Paul\AppData\Roaming\vlc
[2010/02/06 22:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2010/02/06 21:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/06 21:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/22 22:31:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/01/22 22:31:44 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/01/22 22:31:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/22 22:31:30 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/01/22 22:31:30 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/01/22 22:31:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/01/22 22:31:30 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/01/22 22:31:30 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/01/22 22:31:29 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/01/22 22:31:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/01/22 22:31:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/01/22 22:31:29 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/01/22 22:31:29 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/01/22 22:31:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/01/22 22:31:29 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/01/22 22:31:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2010/02/20 19:01:59 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-309953292-3820396624-3086073273-1000UA.job
[2010/02/20 18:57:05 | 002,883,584 | ---- | M] () -- C:\Users\John Paul\ntuser.dat
[2010/02/20 18:56:43 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\John Paul\Desktop\OTL.exe
[2010/02/20 18:47:00 | 000,161,159 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/02/20 18:47:00 | 000,161,159 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/02/20 18:45:11 | 000,704,552 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/20 18:45:11 | 000,604,284 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/20 18:45:11 | 000,107,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/20 18:38:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/20 18:38:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/20 18:38:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/20 18:38:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/20 18:38:09 | 2951,032,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/20 16:33:11 | 000,524,288 | -HS- | M] () -- C:\Users\John Paul\ntuser.dat{e87807a7-88d1-11de-867d-001f165dcc21}.TMContainer00000000000000000001.regtrans-ms
[2010/02/20 16:33:11 | 000,065,536 | -HS- | M] () -- C:\Users\John Paul\ntuser.dat{e87807a7-88d1-11de-867d-001f165dcc21}.TM.blf
[2010/02/20 16:30:33 | 003,565,822 | -H-- | M] () -- C:\Users\John Paul\AppData\Local\IconCache.db
[2010/02/20 01:01:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-309953292-3820396624-3086073273-1000Core.job
[2010/02/19 00:32:31 | 002,218,038 | ---- | M] () -- C:\Windows\ACD Wallpaper.bmp
[2010/02/18 19:09:10 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/18 19:08:01 | 000,147,968 | ---- | M] () -- C:\Users\John Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/18 18:37:22 | 000,000,792 | ---- | M] () -- C:\Users\John Paul\Desktop\WinDirStat.lnk
[2010/02/18 02:09:37 | 000,000,204 | ---- | M] () -- C:\Users\John Paul\defogger_reenable
[2010/02/18 01:51:58 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/02/18 00:38:00 | 120,709,304 | ---- | M] () -- C:\Windows\System32\DNTQ
[2010/02/17 22:22:48 | 000,025,088 | ---- | M] () -- C:\Users\John Paul\Documents\Draft odeon email.doc
[2010/02/17 00:56:19 | 000,000,680 | ---- | M] () -- C:\Users\John Paul\AppData\Local\d3d9caps.dat
[2010/02/13 03:02:40 | 000,002,066 | ---- | M] () -- C:\Users\John Paul\Desktop\Google Chrome.lnk
[2010/02/07 00:11:00 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/02/06 22:40:50 | 000,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/02/06 22:40:39 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2010/02/06 22:40:39 | 000,130,960 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2010/02/06 22:40:39 | 000,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/02/06 22:08:15 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Users\John Paul\Documents\utorrent.exe

========== Files Created - No Company Name ==========

[2010/02/20 15:13:04 | 000,001,659 | ---- | C] () -- C:\Users\John Paul\Desktop\Command Prompt.lnk
[2010/02/18 18:37:22 | 000,000,792 | ---- | C] () -- C:\Users\John Paul\Desktop\WinDirStat.lnk
[2010/02/18 02:09:05 | 000,000,204 | ---- | C] () -- C:\Users\John Paul\defogger_reenable
[2010/02/18 01:30:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/02/18 01:30:53 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/02/18 01:30:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/02/18 01:30:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/02/18 01:30:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/02/18 01:30:10 | 2951,032,832 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/18 00:29:22 | 120,709,304 | ---- | C] () -- C:\Windows\System32\DNTQ
[2010/02/17 22:22:47 | 000,025,088 | ---- | C] () -- C:\Users\John Paul\Documents\Draft odeon email.doc
[2010/02/07 00:11:00 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/02/06 21:53:19 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/12/30 21:13:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/01 14:52:53 | 000,000,221 | ---- | C] () -- C:\Users\John Paul\AppData\Roaming\default.rss
[2009/08/01 13:51:49 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/07/28 21:23:37 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/06/09 18:21:51 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009/05/08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009/04/30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/04/22 00:45:33 | 000,000,025 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2009/04/14 12:41:21 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2009/03/13 20:07:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\F5D9050.dll
[2009/03/13 20:02:07 | 000,000,525 | ---- | C] () -- C:\Windows\System32\ucuiinfo.ini
[2009/03/11 00:48:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/11 00:22:11 | 000,122,880 | ---- | C] () -- C:\Windows\System32\cddvdint.dll
[2009/02/21 17:20:23 | 000,000,680 | ---- | C] () -- C:\Users\John Paul\AppData\Local\d3d9caps.dat
[2009/02/21 17:05:24 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/02/15 15:58:35 | 000,161,159 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/02/14 13:30:09 | 000,161,159 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/11 23:42:15 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/02/11 16:21:34 | 000,147,968 | ---- | C] () -- C:\Users\John Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/11 16:08:53 | 000,000,000 | ---- | C] () -- C:\Users\John Paul\AppData\Local\QSwitch.txt
[2009/02/11 16:08:53 | 000,000,000 | ---- | C] () -- C:\Users\John Paul\AppData\Local\DSwitch.txt
[2009/02/11 16:08:53 | 000,000,000 | ---- | C] () -- C:\Users\John Paul\AppData\Local\AtStart.txt
[2008/12/27 19:57:47 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2008/12/27 19:57:36 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2008/12/27 19:57:08 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2008/12/27 19:56:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2008/12/27 19:54:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008/12/27 19:53:51 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/12/07 13:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/07 13:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/10/26 11:04:11 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/26 10:58:07 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/26 10:56:09 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/26 10:54:45 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/09/12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 02:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 02:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/26 10:07:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/10/26 10:07:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008/10/26 10:07:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008/10/26 10:07:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 02:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 02:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:D1B5B4F1
< End of report >

OTL Extras logfile created on: 20/02/2010 18:57:47 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\John Paul\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.27 Gb Total Space | 53.32 Gb Free Space | 23.99% Space Free | Partition Type: NTFS
Drive D: | 10.61 Gb Total Space | 1.79 Gb Free Space | 16.89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEANLACRITIQUE
Current User Name: John Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-309953292-3820396624-3086073273-1000\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-309953292-3820396624-3086073273-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE1E44F-6681-42A0-8238-D56496DD3047}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{0EBF7353-18A5-4A59-9EB6-383C1343A480}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{10C93278-DB19-4EB8-986F-F15D443C076D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1501EA10-73D7-4456-83B5-A61ADFF50314}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A8AB1FA-2CCF-4D4C-8066-9092F2737708}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CF1B700-25F8-43E3-A935-BFD3E4098A79}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2436BC60-171C-4A08-840B-534597A35D8D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{2E78A2F8-11D3-4FE5-8E74-4682A453D4EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3182E8E0-0F20-47B2-B345-02BF56D89B50}" = rport=138 | protocol=17 | dir=out | app=system |
"{3A9AB047-112B-49F2-BDC7-274501536746}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3C605BB4-F223-494B-9B89-919CA21FF1AC}" = lport=10244 | protocol=6 | dir=in | app=system |
"{443D0F84-6EAD-423C-97F6-F75240FC555E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4904C1F2-D746-4061-87A5-BEC2A56FE15E}" = rport=10244 | protocol=6 | dir=out | app=system |
"{59C45E13-1CE1-4B82-9093-21934E56E9CB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5DA1FB45-E91F-4E06-9757-FDF6F4B09C76}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6EDB0227-DE28-4637-A0F1-8F2FC727FA48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F71F9AF-B7F3-4FBE-9DB1-A2BCE2FCC4BC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7133F609-C112-4620-84D5-B4737BC5205E}" = lport=3390 | protocol=6 | dir=in | app=system |
"{79C2DCCC-ACC7-4874-B520-2FC07B6C4431}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{83771412-6142-4935-A21B-79DD0F2E12A0}" = lport=3390 | protocol=6 | dir=in | app=system |
"{85F09C7D-058E-479A-8EBA-82634954C774}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8C5A78B0-78AA-4B30-B303-42DDAA19813A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91C42E49-EB0B-4047-8CE8-1ED370B98BF2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9AD01C2F-4372-4BDC-AC09-900663AEC375}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3CF244F-C943-418A-BC53-9D970AB7529C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A75315BF-7EC4-4001-9E99-65551924B434}" = lport=138 | protocol=17 | dir=in | app=system |
"{A9F3AD5D-43FA-48BE-BD4A-9CCA0F4C9FB2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B944E557-4662-47C0-BFB2-FF39FFC6D507}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA2FBA20-14D5-4137-9C03-CAF92FF8B611}" = rport=10244 | protocol=6 | dir=out | app=system |
"{BACA4397-6B94-4FAC-854D-69967C8E5155}" = lport=137 | protocol=17 | dir=in | app=system |
"{CAE7053D-6AB5-4D58-83F9-E77AA3990F89}" = rport=445 | protocol=6 | dir=out | app=system |
"{CFEB5140-FC2E-42B6-BE74-ACA864EA0A20}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D8D4CA67-37A3-4297-99E5-C6D6E39AF592}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD610385-DE8B-4D82-B5F0-7BB7CB1832B7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF9C0263-B663-48E6-8722-0E70050DC95D}" = rport=137 | protocol=17 | dir=out | app=system |
"{E018B1B4-69C2-4CA4-B45D-5EECBEFD67D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{E1BAB972-4801-4532-A23C-596ACCCACF6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E755AB7D-0B54-41BB-A07D-C17751E99445}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ECA5459E-2844-47B9-81B9-069B1BBC4A17}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EE1208BB-5D5B-4804-924A-6EA6DFDBB706}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEBF56CD-A09A-4803-97B4-D5BE7D9315DB}" = lport=139 | protocol=6 | dir=in | app=system |
"{F40DD068-1D83-410F-A7D7-0E3D86059D31}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10AFB32F-C732-4F86-A2B9-A2F864F84A96}" = protocol=6 | dir=in | app=c:\users\john paul\documents\utorrent.exe |
"{1E443BAC-5F13-46B2-878A-87EFB4923860}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{25A66710-9133-4C2E-A429-A7034D555C4C}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{27C66916-BAE4-4CC3-847D-9D4CE2E765F4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{29CE816B-6A41-4491-A238-F1F3AAA1B25C}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{2B03D869-6C64-4A43-99CA-54CF8C5E71EA}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{2B7D2111-E1A1-4658-B6C8-601B93C4ACFE}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{3B47F0C1-0423-45E3-8EC0-7E77EB98C713}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4792720C-8D1B-46E1-A6ED-47916AAF67FF}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{47D140EC-9ADE-4F84-823D-9CE02FBCF3C1}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4817CDAC-E47E-4B47-850D-22C72093E74C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4CF05683-CA1E-4A73-B738-D9CB25FDAF29}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5960DF6E-9BBA-4306-AC2A-7E81B325FCA1}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{5D06F547-44D9-41A8-971C-71330EFCAD32}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5ED0E05A-4AB1-4252-B753-FBB3B09F7D5B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{62267F74-752C-4015-B473-C45EDF2F1C53}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{63B5DA54-F98D-433E-A3CA-47357DC322D6}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{655F9E5B-A8C1-44FB-98F5-6366EA714153}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{669B2C49-6979-4753-BF69-D58806EEE31D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{683E0D44-C37E-4026-9247-4782D25ADEB6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D842371-1847-4C1D-8DE3-C211F7B5C5C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{728F68FC-DC78-450E-8EE5-513D83C2B18F}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{7A7BD672-28BF-4245-9DBA-DB9AD0F2AECE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FBF6F1E-44E3-4426-9B58-F996DC782682}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8A246877-EF9B-4A60-82F1-1E1BA683AA3D}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{8E850550-452D-4699-A608-692F8A487603}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{91405A2B-1D3C-422F-9B33-5E5B679D2AC7}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9233D39F-0CD2-45A1-94E0-E953447021CF}" = protocol=17 | dir=in | app=c:\users\john paul\documents\utorrent.exe |
"{B0E6B1CB-0419-4A3A-BDAA-ACF10978AAF0}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{B6CAF897-A569-484B-BCDB-8E7EE3EDE7D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA873EF5-6A68-4A21-B228-DE7077928C5B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{C0700B39-1DF3-4369-A9C1-A514D65ED808}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{C13CF54E-4D6A-4CAF-A76A-014A0F180A23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C8F42866-50BA-4A5B-BA12-54657E7EA12F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CFC974B8-7A4F-4685-9E48-604259CFCCFB}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{D5CC055A-7125-4E2D-8646-EFE712350C68}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{D5DEEB53-6470-46C8-BC57-EBFBF7DD3599}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{D636B67A-4A58-4704-AED5-A7CE92DC6B8D}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{E18EAD67-315E-470D-A80E-991E16833953}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E408C7D8-2484-4630-83C0-0892D40A1D19}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{E8EBC2C0-954B-4C25-AA44-21AB4FFCE670}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E9ACBEEF-0A4F-499B-BDE5-99854C63ED17}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F33FE769-3673-4722-8027-E3EDC6383810}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{F513C5D4-B9B4-452E-96EA-DE06E3760136}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F69F17A3-3CC9-4461-9CD9-F40CAD220C64}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{FC92EA0E-A43D-456F-974D-006C821AE3CF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}" = Belkin Wireless G Plus MIMO USB Network Adapter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b16e6f75-910e-4192-b15c-d2f9caf3fd6e}" = Nero 9
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ECE0113B-23D0-4DD8-89E6-D2F026CABF03}" = ACDSee 7.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Audio Capture" = River Past Audio Capture
"Audio CD Ripper" = River Past Audio CD Ripper
"Audio Converter Pro" = River Past Audio Converter Pro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dvdSanta 4.00 - Create Your Own DVD Movies!_is1" = dvdSanta 4.00
"DVDXCopyPlatinum" = DVD X Copy Platinum 5.0.0
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"LastFM_is1" = Last.fm 1.5.4.24567
"Live 7.0.3" = Live 7.0.3
"Lock my Folder" = Lock my Folder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOV Booster Pack" = River Past MOV Booster Pack
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NVIDIA Drivers" = NVIDIA Drivers
"PlayDV" = River Past PlayDV
"PowerISO" = PowerISO
"Pure Sudoku Deluxe_is1" = Pure Sudoku Deluxe 1.03
"RealMedia Booster Pack" = River Past RealMedia Booster Pack
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Screen Recorder Pro" = River Past Screen Recorder Pro
"SeaMonkey (2.0)" = SeaMonkey (2.0)
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Update Service" = Update Service
"Video Cleaner Pro" = River Past Video Cleaner Pro
"Video Perspective" = River Past Video Perspective
"Video Slice" = River Past Video Slice
"VLC media player" = VLC media player 1.0.5
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-309953292-3820396624-3086073273-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 20 February 2010 - 02:35 PM

Hi,

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please do not run Combofix on your own

Please post the log from ComboFix in your next reply.

Did you run RootkitRevealer earlier?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 LaCritique

LaCritique
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 20 February 2010 - 02:44 PM

ComboFix 10-02-12.01 - John Paul 18/02/2010 1:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1665 [GMT 0:00]
Running from: c:\users\John Paul\Desktop\Jump.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-309953292-3820396624-3086073273-500
c:\$recycle.bin\S-1-5-21-3926210305-1454408057-3256566471-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
((((((((((((((((((((((((( Files Created from 2010-01-18 to 2010-02-18 )))))))))))))))))))))))))))))))
.

2010-02-18 01:51 . 2010-02-18 01:52 -------- d-----w- c:\users\John Paul\AppData\Local\temp
2010-02-18 01:26 . 2010-02-18 01:28 -------- d-----w- C:\32788R22FWJFW
2010-02-18 00:09 . 2010-02-18 00:09 -------- d-----w- c:\program files\Trend Micro
2010-02-17 23:10 . 2010-02-17 23:10 52224 ----a-w- c:\users\John Paul\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-17 23:10 . 2010-02-17 23:10 117760 ----a-w- c:\users\John Paul\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 23:09 . 2010-02-17 23:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-17 23:08 . 2010-02-17 23:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-17 23:08 . 2010-02-17 23:08 -------- d-----w- c:\users\John Paul\AppData\Roaming\SUPERAntiSpyware.com
2010-02-17 22:47 . 2010-02-17 23:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-17 22:47 . 2010-02-17 22:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-13 21:05 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-13 21:05 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-13 14:18 . 2010-02-13 14:18 -------- d-----w- c:\users\John Paul\AppData\Roaming\Malwarebytes
2010-02-13 14:18 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 14:18 . 2010-02-13 14:18 -------- d-----w- c:\programdata\Malwarebytes
2010-02-13 14:18 . 2010-02-13 14:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 14:18 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-13 03:10 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-13 03:10 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-13 03:10 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-13 03:10 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-13 03:09 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-13 03:09 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-13 03:09 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-13 03:09 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-13 03:09 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-13 03:09 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-13 03:09 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-13 03:09 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-13 03:09 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-13 03:08 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-13 03:08 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 19:09 . 2008-05-26 16:09 27072 ----a-w- c:\windows\system32\drivers\AFGSp50.sys
2010-02-10 19:08 . 2010-02-10 19:11 -------- d-----w- c:\program files\Virgin Broadband Wireless
2010-02-10 19:08 . 2010-02-10 19:09 -------- d-----w- c:\programdata\Affinegy
2010-02-07 00:11 . 2010-02-15 21:34 -------- d-----w- c:\users\John Paul\AppData\Roaming\vlc
2010-02-06 22:29 . 2010-02-06 22:29 -------- d-----w- c:\programdata\Trusteer
2010-02-06 21:52 . 2010-02-06 21:52 -------- d-----w- c:\program files\iPod
2010-02-06 21:47 . 2010-02-06 21:47 -------- d-----w- c:\program files\QuickTime
2010-02-06 21:44 . 2010-02-06 21:44 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-18 01:30 . 2009-02-14 13:30 161159 ----a-w- c:\programdata\nvModes.dat
2010-02-18 01:09 . 2009-11-29 01:14 -------- d-----w- c:\program files\SeaMonkey
2010-02-17 23:09 . 2009-03-02 20:39 -------- d-----w- c:\users\John Paul\AppData\Roaming\uTorrent
2010-02-17 23:07 . 2009-04-14 12:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-17 00:56 . 2009-02-21 17:20 680 ----a-w- c:\users\John Paul\AppData\Local\d3d9caps.dat
2010-02-13 16:45 . 2009-05-04 23:15 -------- d-----w- c:\users\John Paul\AppData\Roaming\Spotify
2010-02-06 22:40 . 2009-03-02 19:50 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-06 22:40 . 2009-03-02 19:50 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-06 22:40 . 2009-03-02 19:50 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-06 22:40 . 2009-03-02 19:50 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-06 21:53 . 2009-03-04 01:30 -------- d-----w- c:\program files\iTunes
2010-02-06 21:52 . 2009-02-13 18:27 -------- d-----w- c:\program files\Common Files\Apple
2010-01-22 22:45 . 2009-02-21 17:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 02:26 . 2009-11-08 19:14 -------- d-----w- c:\program files\Pure Sudoku Deluxe
2010-01-02 06:38 . 2010-01-22 22:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 22:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 22:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 22:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-30 23:09 . 2009-07-12 16:06 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-30 22:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-30 22:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-30 22:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-30 22:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-30 22:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-30 22:56 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-30 22:54 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-30 22:45 . 2008-12-27 20:06 -------- d-----w- c:\programdata\NVIDIA
2009-12-26 23:07 . 2009-03-05 01:36 -------- d-----w- c:\users\John Paul\AppData\Roaming\dvdcss
2009-12-15 22:33 . 2009-12-15 22:33 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-29 17:42 . 2009-02-11 16:06 91136 ----a-w- c:\users\John Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-26 01:39 . 2009-04-26 01:39 2 --shatr- c:\windows\winstart.bat
2008-10-26 10:07 . 2008-10-26 09:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-07-19 4608]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-06 1800464]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:61,c7,4e,7f,a4,89,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-309953292-3820396624-3086073273-1000]
"EnableNotificationsRef"=dword:00000001

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [02/03/2009 19:50 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [02/03/2009 19:50 29520]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/07/2009 16:06 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [17/02/2010 22:47 1153368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [21/08/2009 20:24 66592]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [19/07/2009 16:21 716272]
S3 F;F;c:\users\JOHNPA~1\AppData\Local\Temp\F.exe --> c:\users\JOHNPA~1\AppData\Local\Temp\F.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys [03/05/2009 22:05 13224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
S3 VBLEXWFEHIZVZ;VBLEXWFEHIZVZ;c:\users\JOHNPA~1\AppData\Local\Temp\VBLEXWFEHIZVZ.exe --> c:\users\JOHNPA~1\AppData\Local\Temp\VBLEXWFEHIZVZ.exe [?]
S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/10/2008 10:01 193840]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [26/10/2008 11:10 365952]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309953292-3820396624-3086073273-1000Core.job
- c:\users\John Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-31 00:56]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309953292-3820396624-3086073273-1000UA.job
- c:\users\John Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-31 00:56]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/webhp?hl=en
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\John Paul\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-18 01:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1088)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\guard32.dll
.
Completion time: 2010-02-18 01:56:16
ComboFix-quarantined-files.txt 2010-02-18 01:56

Pre-Run: 11,329,822,720 bytes free
Post-Run: 14,149,935,104 bytes free

- - End Of File - - AC470B8A9CD1D4643BDE631560C1B75C


I've been trying a fair few programs to try sort it out so I'm a bit misty but I believe when I tried rootkit revealer when it got to the third section of scanning it stalled and would not go any further. I'll try it again if you like, I'll wait until your reply though just in case. Haven't changed anything with combofix, just the scan as above.

Thanks again for checking into this as I am lost, I'm not really sure what is going on but the same problem seems to have spread along to the other 2 computers on my network which are both clean with the exception of being unable to install programs. I tried installing in safe mode also with no success earlier; the same errors and corrupt messages appearing.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 20 February 2010 - 02:55 PM

Hi,

no need to run Rootkitrevealer, there is a left over that might be from RootkitRevealer and I wanted to know if it was run or not. smile.gif

Can you please download and run Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Please also run gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 LaCritique

LaCritique
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 20 February 2010 - 03:00 PM

Already done a MalwareBytes scan which comes through clean. Done a GMER scan:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-18 02:53:06
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\JOHNPA~1\AppData\Local\Temp\kwlirpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x90830F8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x90831F5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x90831174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x908303FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x90830BF4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x908302DC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x90830A82]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x90831C16]
SSDT 9D78C69C ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x9082FCD4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x90831898]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9083067E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x90830DD0]
SSDT 9D78C688 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x9083090E]
SSDT 9D78C68D ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x908323C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x90831634]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x90831A46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x90830618]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x90830802]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x909E40B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x90830074]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x90831280]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x9B 0x68 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x53 0xB1 0xC8 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5F 0x53 0x2D 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x9B 0x68 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x53 0xB1 0xC8 0xE7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5F 0x53 0x2D 0xBE ...

---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-18 02:53:06
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\JOHNPA~1\AppData\Local\Temp\kwlirpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x90830F8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x90831F5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x90831174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x908303FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x90830BF4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x908302DC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x90830A82]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x90831C16]
SSDT 9D78C69C ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x9082FCD4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x90831898]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x9083067E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x90830DD0]
SSDT 9D78C688 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x9083090E]
SSDT 9D78C68D ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x908323C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x90831634]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x90831A46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x90830618]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x90830802]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x909E40B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x90830074]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x90831280]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x9B 0x68 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x53 0xB1 0xC8 0xE7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5F 0x53 0x2D 0xBE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9E 0x9B 0x68 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x53 0xB1 0xC8 0xE7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x5F 0x53 0x2D 0xBE ...

---- EOF - GMER 1.0.15 ----




#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 20 February 2010 - 03:06 PM

Hi,

so you were able to install Malwarebytes?

I don't personally like Ad-Aware or Spybot very much, but could you please try and let me know if you can install a freshly downloaded installer. It may be that the download was corrupted.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 LaCritique

LaCritique
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 20 February 2010 - 03:12 PM

I could run MWBytes as it was already installed before the problem with new programs not installing occured. Spybot fails halfway through install, ad-aware fails before it can even start and I can't do online trend micro scan as it fails saying its corrupted. I have tried downloading the installers again after deleting the originals but its still the same, I have also tried renaming the setups/installers but it doesn't do anything. CWS will not update also, I've tried Dr Web which comes back clean too.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 20 February 2010 - 03:47 PM

Hi,

I'm not sure CWS is still being updated.

Please run ComboFix:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 LaCritique

LaCritique
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 21 February 2010 - 08:18 PM

ComboFix 10-02-21.02 - John Paul 22/02/2010 1:03:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.1929 [GMT 0:00]
Running from: C:\Users\John Paul\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-22 01:12:19 . 2010-02-22 01:12:28 -------- d-----w- C:\Users\John Paul\AppData\Local\temp
2010-02-22 01:12:19 . 2010-02-22 01:12:19 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-02-22 01:12:19 . 2010-02-22 01:12:19 -------- d-----w- C:\Users\Mcx1\AppData\Local\temp
2010-02-22 01:12:19 . 2010-02-22 01:12:19 -------- d-----w- C:\Users\john\AppData\Local\temp
2010-02-22 01:12:19 . 2010-02-22 01:12:19 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-02-20 18:53:23 . 2010-02-20 18:53:23 3584 ----a-r- C:\Users\John Paul\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-02-20 18:53:22 . 2010-02-20 18:53:22 -------- d-----w- C:\Program Files\Windows Installer Clean Up
2010-02-20 18:52:01 . 2010-02-20 18:52:01 -------- d-----w- C:\Program Files\MSECACHE
2010-02-20 00:51:15 . 2010-02-20 00:51:15 -------- d-----w- C:\Users\John Paul\DoctorWeb
2010-02-18 18:37:03 . 2010-02-18 18:37:04 -------- d-----w- C:\Program Files\WinDirStat
2010-02-18 00:09:42 . 2010-02-18 00:09:42 -------- d-----w- C:\Program Files\Trend Micro
2010-02-17 23:10:57 . 2010-02-17 23:10:57 52224 ----a-w- C:\Users\John Paul\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-17 23:10:53 . 2010-02-17 23:10:53 117760 ----a-w- C:\Users\John Paul\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 23:09:42 . 2010-02-17 23:09:42 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2010-02-17 23:08:42 . 2010-02-18 22:34:46 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-02-17 23:08:42 . 2010-02-17 23:08:42 -------- d-----w- C:\Users\John Paul\AppData\Roaming\SUPERAntiSpyware.com
2010-02-17 22:47:05 . 2010-02-20 02:59:51 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2010-02-13 21:05:07 . 2009-12-08 20:01:02 3600456 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2010-02-13 21:05:07 . 2009-12-08 20:01:02 3548216 ----a-w- C:\Windows\system32\ntoskrnl.exe
2010-02-13 14:18:51 . 2010-02-13 14:18:51 -------- d-----w- C:\Users\John Paul\AppData\Roaming\Malwarebytes
2010-02-13 14:18:16 . 2010-01-07 16:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-02-13 14:18:13 . 2010-02-13 14:18:13 -------- d-----w- C:\ProgramData\Malwarebytes
2010-02-13 14:18:02 . 2010-02-13 14:18:37 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-13 14:18:02 . 2010-01-07 16:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-02-13 03:10:11 . 2009-12-11 11:43:30 302080 ----a-w- C:\Windows\system32\drivers\srv.sys
2010-02-13 03:10:10 . 2009-12-11 11:43:11 98816 ----a-w- C:\Windows\system32\drivers\srvnet.sys
2010-02-13 03:10:04 . 2009-12-08 20:01:08 904776 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2010-02-13 03:10:04 . 2009-12-08 17:26:18 30720 ----a-w- C:\Windows\system32\drivers\tcpipreg.sys
2010-02-13 03:09:33 . 2009-12-04 18:29:41 1314816 ----a-w- C:\Windows\system32\quartz.dll
2010-02-13 03:09:32 . 2009-12-04 18:30:05 12288 ----a-w- C:\Windows\system32\tsbyuv.dll
2010-02-13 03:09:32 . 2009-12-04 18:28:52 22528 ----a-w- C:\Windows\system32\msyuv.dll
2010-02-13 03:09:32 . 2009-12-04 18:28:51 31744 ----a-w- C:\Windows\system32\msvidc32.dll
2010-02-13 03:09:32 . 2009-12-04 18:28:49 13312 ----a-w- C:\Windows\system32\msrle32.dll
2010-02-13 03:09:32 . 2009-12-04 18:28:21 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
2010-02-13 03:09:31 . 2009-12-04 18:28:51 123904 ----a-w- C:\Windows\system32\msvfw32.dll
2010-02-13 03:09:31 . 2009-12-04 18:28:27 82944 ----a-w- C:\Windows\system32\mciavi32.dll
2010-02-13 03:09:31 . 2009-12-04 18:27:12 91136 ----a-w- C:\Windows\system32\avifil32.dll
2010-02-13 03:08:52 . 2009-12-04 15:56:16 212992 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2010-02-13 03:08:52 . 2009-12-04 15:56:09 105984 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2010-02-10 19:09:47 . 2008-05-26 16:09:42 27072 ----a-w- C:\Windows\system32\drivers\AFGSp50.sys
2010-02-10 19:08:25 . 2010-02-10 19:11:05 -------- d-----w- C:\Program Files\Virgin Broadband Wireless
2010-02-10 19:08:25 . 2010-02-10 19:09:47 -------- d-----w- C:\ProgramData\Affinegy
2010-02-07 00:11:24 . 2010-02-21 03:28:58 -------- d-----w- C:\Users\John Paul\AppData\Roaming\vlc
2010-02-06 22:29:41 . 2010-02-06 22:29:41 -------- d-----w- C:\ProgramData\Trusteer
2010-02-06 21:52:10 . 2010-02-06 21:52:10 -------- d-----w- C:\Program Files\iPod
2010-02-06 21:47:20 . 2010-02-06 21:47:51 -------- d-----w- C:\Program Files\QuickTime
2010-02-06 21:44:09 . 2010-02-06 21:44:09 72488 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 00:53:48 . 2009-02-14 13:30:09 161159 ----a-w- C:\ProgramData\nvModes.dat
2010-02-21 03:56:48 . 2009-03-02 20:39:40 -------- d-----w- C:\Users\John Paul\AppData\Roaming\uTorrent
2010-02-18 22:48:31 . 2008-10-26 09:45:23 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-02-18 01:09:31 . 2009-11-29 01:14:34 -------- d-----w- C:\Program Files\SeaMonkey
2010-02-17 23:07:29 . 2009-04-14 12:40:17 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-17 00:56:19 . 2009-02-21 17:20:23 680 ----a-w- C:\Users\John Paul\AppData\Local\d3d9caps.dat
2010-02-13 16:45:01 . 2009-05-04 23:15:00 -------- d-----w- C:\Users\John Paul\AppData\Roaming\Spotify
2010-02-06 22:40:50 . 2009-03-02 19:50:37 74328 ----a-w- C:\Windows\system32\drivers\inspect.sys
2010-02-06 22:40:39 . 2009-03-02 19:50:37 171552 ----a-w- C:\Windows\system32\guard32.dll
2010-02-06 22:40:39 . 2009-03-02 19:50:36 29520 ----a-w- C:\Windows\system32\drivers\cmdhlp.sys
2010-02-06 22:40:39 . 2009-03-02 19:50:36 130960 ----a-w- C:\Windows\system32\drivers\cmdguard.sys
2010-02-06 21:53:17 . 2009-03-04 01:30:08 -------- d-----w- C:\Program Files\iTunes
2010-02-06 21:52:08 . 2009-02-13 18:27:20 -------- d-----w- C:\Program Files\Common Files\Apple
2010-01-22 22:45:57 . 2009-02-21 17:28:50 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-01-20 02:26:05 . 2009-11-08 19:14:40 -------- d-----w- C:\Program Files\Pure Sudoku Deluxe
2010-01-02 06:38:20 . 2010-01-22 22:31:31 916480 ----a-w- C:\Windows\system32\wininet.dll
2010-01-02 06:32:33 . 2010-01-22 22:31:29 71680 ----a-w- C:\Windows\system32\iesetup.dll
2010-01-02 06:32:33 . 2010-01-22 22:31:29 109056 ----a-w- C:\Windows\system32\iesysprep.dll
2010-01-02 04:57:00 . 2010-01-22 22:31:30 133632 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-12-30 23:09:52 . 2009-07-12 16:06:30 56816 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2009-12-30 22:57:09 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Calendar
2009-12-30 22:57:08 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2009-12-30 22:57:04 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Sidebar
2009-12-30 22:57:03 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Journal
2009-12-30 22:57:00 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Photo Gallery
2009-12-30 22:56:54 . 2006-11-02 12:37:34 -------- d-----w- C:\Program Files\Windows Defender
2009-12-30 22:54:31 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-12-30 22:45:00 . 2008-12-27 20:06:26 -------- d-----w- C:\ProgramData\NVIDIA
2009-12-26 23:07:24 . 2009-03-05 01:36:24 -------- d-----w- C:\Users\John Paul\AppData\Roaming\dvdcss
2009-12-15 22:33:06 . 2009-12-15 22:33:06 784136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-29 17:42:59 . 2009-02-11 16:06:05 91136 ----a-w- C:\Users\John Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-26 01:39:21 . 2009-04-26 01:39:21 2 --shatr- C:\Windows\winstart.bat
2008-10-26 10:07:17 . 2008-10-26 09:53:28 8192 --sha-w- C:\Windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 18:05:10 1049896]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 23:14:02 202032]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 21:51:00 488752]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 14:51:42 177440]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 12:08:47 209153]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-06 22:40:28 1800464]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 04:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 12:08:30 935288]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 04:17:36 149280]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2010-01-22 19:16:42 141608]
"Wireless Manager"="C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 16:20:50 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 09:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\Windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:61,c7,4e,7f,a4,89,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-309953292-3820396624-3086073273-1000]
"EnableNotificationsRef"=dword:00000001

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [02/03/2009 19:50:36 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [02/03/2009 19:50:36 29520]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [05/01/2010 07:56:04 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56:02 66632]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06:20 169312]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [12/07/2009 16:06:29 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23:43 21504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda32v.sys [21/08/2009 20:24:04 66592]
S3 F;F;C:\Users\JOHNPA~1\AppData\Local\Temp\F.exe --> C:\Users\JOHNPA~1\AppData\Local\Temp\F.exe [?]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [03/05/2009 22:05:15 13224]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56:06 12872]
S3 VBLEXWFEHIZVZ;VBLEXWFEHIZVZ;C:\Users\JOHNPA~1\AppData\Local\Temp\VBLEXWFEHIZVZ.exe --> C:\Users\JOHNPA~1\AppData\Local\Temp\VBLEXWFEHIZVZ.exe [?]
S4 Com4QLBEx;Com4QLBEx;C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/10/2008 10:01:33 193840]
S4 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files\SMINST\BLService.exe [26/10/2008 11:10:34 365952]
S4 sptd;sptd;C:\Windows\System32\drivers\sptd.sys [19/07/2009 16:21:49 716272]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14:42 451872 ----a-w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309953292-3820396624-3086073273-1000Core.job
- C:\Users\John Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-31 00:56:53 . 2009-12-31 00:56:47]

2010-02-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-309953292-3820396624-3086073273-1000UA.job
- C:\Users\John Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-31 00:56:53 . 2009-12-31 00:56:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - C:\Users\John Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zhf14hga.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bleepingcomputer.com/forums/index.php?act=Search&CODE=show&searchid=a1ff020485d4042b58b3c15f72d0b080&search_in=posts&result_type=topics&highlite=%2B&kw=|http://www.facebook.com/home.php?ref=home#!/?ref=home
FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Users\John Paul\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

Attached Files



#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 22 February 2010 - 01:08 PM

Hi,

there are no signs of infection in your logs. Do you still have trouble downloading the files? Which browser did you try?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 LaCritique

LaCritique
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 22 February 2010 - 02:16 PM

Still having the same problems which also persist on my other pc which is running XP. I have chosen to start a fresh format install on that to try alleviate the problem but am going to try sort it out on my laptop vista which I am using ahead of a format.

I am just downloading adaware from a different website mirror to the usual ones like cnet and am doing so using intenet explorer rather than firefox which I usually use so I'll post back with the results of the attempt. Currently I'm thinking my installer/setup files on windows must be corrupted or something as I doubt this is an infection now. Its just a rather annoying problem as everything is running fine except for when I want to install new programs or update the ones I have already as all I get is these 'corrupt' messages.

#14 LaCritique

LaCritique
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:45 AM

Posted 22 February 2010 - 02:37 PM

Same problem, heres a print screen of the usual messages its similar to and as just happened:





Also, I don't mind taking this to a more appropriate section of the forums if you want me to since it doesn't seem to be malware, trojans etc.

Thanks again for the help you're providing Myrti

*to update:
The freshly installed version of windows xp on my pc still has this problem already. Anything downloaded is corrupt and its a fresh install. I'm thinking since both this laptop and that pc are having the same problems its something thats happening with my internet connection. It must be corrupted whilst being downloaded I guess?

Edited by LaCritique, 22 February 2010 - 05:04 PM.


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:45 AM

Posted 22 February 2010 - 05:37 PM

Hi,

yes it does indeed look as if the files get corrupted during download. Spybot offers a download with an MD5 hash to compare the file too here: link. Please download it. Then get WinMd5Sum and install it. (let me know if that won't work)

Then run the program from your start menu. In the window that opens browse to the file you downloaded and select it. Copy the MD5 offered by Spybot into the part named compare and click compare. Are the two MD5 the same?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users