
I am an idiot


This topic is locked. 32 replies to this topic.

#1 shaamoney

  • Members
  • 49 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 14 March 2010 - 03:18 PM

Hi All,

I hope you can all help my predicament...

I moved to the City in January and Sky has only just activated our internet, and this meant a host of updates, including Flash. I downloaded a flash_player, but wasn't 100% sure of it and thus had Avira scan it. The scan came back clear, but as soon as I executed the file I had several pop-ups (please see the end of the thread for images).

Schoolboy error after drinks, but I thought Avira would find it.

I killed the internet and ran scans with Avira, Malwarebytes, Spybot S&D, CCleaner, SUPERAntiSpyware and a-squared. All was OK (apparently). I went online and found a few links to the files it creates and I went through and nabbed them, but I am still getting the occasional Avira warning.

I have also booted in safe mode and run the same scans, and nothing came up. Note: both scans were made after I went through and manually killed the .exe.

The HJT log is below the images. I would appreciate any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:47, on 14/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spotify\spotify.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.bris.ac.uk:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WordWeb] "C:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...ivex-latest.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E3ADBC-E762-449E-B213-1D9F5DC6D600}: NameServer = 93.188.164.230,93.188.166.78
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E23E857-8B0B-4952-BAD4-4827BAE7C547}: NameServer = 93.188.164.230,93.188.166.78
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.230,93.188.166.78
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.164.230,93.188.166.78
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.230,93.188.166.78
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BOE120MySQL - Unknown owner - C:\Program Files\Business Objects\MySQL5\bin\mysqld-nt.exe
O23 - Service: Server Intelligence Agent (USERPC) (BOE120SIAUSERPC) - Apache Software Foundation - C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\sia.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98d6e6e3a5616) (gupdate1c98d6e6e3a5616) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 11864 bytes

Sorry, it seems it won't upload the images...

The names of the "alerts" were as follows:

Virus or unwanted program 'TR/TDss.axqv [trojan]'
detected in file 'C:\Windows\temp\00005ac3.sys'.
Action performed: Deny access

Virus or unwanted program 'HTML/FakeAlert.AA [virus]'
detected in file 'C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8FNI8B71\wrz2[1].htm'.
Action performed: Delete file

Virus or unwanted program 'HTML/Crypted.Gen [virus]'
detected in file 'C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\pagocf12.default\Cache\8810EBC7d01'.
Action performed: Delete file

Virus or unwanted program 'HEUR/HTML.Malware [heuristic]'
detected in file 'C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\pagocf12.default\Cache\CC59B245d01'.
Action performed: Deny access

Merged posts. ~ OB

Edited by Orange Blossom, 14 March 2010 - 04:44 PM.
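The O17 lines in the HijackThis log above point every TCP/IP key at the same pair of public resolvers, and the O2/O18 lines include a BHO registered as "(no file)" and a protocol handler whose DLL is "(file missing)". The Python triage helper below is an added example, not code from this thread or from BleepingComputer: it parses a constructed log in the same format (the 192.168.0.1 line and the empty allowlist are assumptions) and reports resolvers that are neither local nor allow-listed, plus dangling COM entries, so an analyst knows which lines to verify against what the ISP or router actually hands out.

```python
"""Triage helper for HijackThis-style logs (added example, not a BleepingComputer tool)."""
import ipaddress
import re

# Constructed sample in the shape of the HijackThis log posted in this thread.
# The 192.168.0.1 O17 line is added here to show the private-resolver case.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.bris.ac.uk:8080
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{37E3ADBC-E762-449E-B213-1D9F5DC6D600}: NameServer = 93.188.164.230,93.188.166.78
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.230,93.188.166.78
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.0.1
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"""

# Every HJT finding is "<section> - <body>", e.g. "O17 - HKLM\...: NameServer = a,b".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$", re.M)
NS_RE = re.compile(r"NameServer = (?P<servers>[0-9A-Fa-f.:,]+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entries(log_text):
    """Return (section, body) tuples for every 'Rn - ...' / 'On - ...' line."""
    return [(m.group("section"), m.group("body")) for m in ENTRY_RE.finditer(log_text)]


def suspect_nameservers(entries, allowlist=frozenset()):
    """Map each O17 resolver that is neither local nor allow-listed to the number of keys using it.

    Private, loopback and link-local addresses (a home router) are treated as expected;
    the allowlist (an assumption supplied by the analyst) holds the ISP's known resolvers.
    """
    hits = {}
    for section, body in entries:
        if section != "O17":
            continue
        m = NS_RE.search(body)
        if not m:
            continue
        for ip in m.group("servers").split(","):
            ip = ip.strip()
            if not ip or ip in allowlist:
                continue
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                addr = None  # not a plain IP literal: worth a human look, so count it
            if addr is not None and (addr.is_private or addr.is_loopback or addr.is_link_local):
                continue
            hits[ip] = hits.get(ip, 0) + 1
    return hits


def dangling_com_entries(entries):
    """O2 BHOs registered with '(no file)' and O18 protocol handlers whose DLL is '(file missing)'."""
    dangling = []
    for section, body in entries:
        if section == "O2" and body.endswith("(no file)"):
            m = CLSID_RE.search(body)
            dangling.append(("BHO", m.group(0) if m else body))
        elif section == "O18" and "(file missing)" in body:
            name = body.split(" - ")[0].replace("Protocol: ", "", 1)
            dangling.append(("Protocol", name))
    return dangling


def triage(log_text, allowlist=frozenset()):
    """Run both checks over a log and return the findings as a dict."""
    entries = parse_entries(log_text)
    return {
        "suspect_dns": suspect_nameservers(entries, allowlist),
        "dangling": dangling_com_entries(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_HJT_LOG)
    for ip, n in sorted(report["suspect_dns"].items()):
        print(f"O17 NameServer {ip} set in {n} TCP/IP key(s): not local and not allow-listed")
    for kind, ident in report["dangling"]:
        print(f"{kind} entry with missing file: {ident}")
```

A resolver the script flags is only a lead: confirm it against the ISP's published resolvers or the router's DHCP settings before treating it as a hijack.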



#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:06:56 AM

Posted 17 March 2010 - 08:30 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro?



If I haven't replied in 48 hours, please feel free to send me a PM.


#3 shaamoney

  • Topic Starter
  • Members
  • 49 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 19 March 2010 - 06:06 PM

Hi Elle,

Thank you so much for getting back to me; I was beginning to get a little worried.

I have done as you instructed, except for GMER, as this caused a blue screen every single time I ran it. I even tried in safe mode, without luck. The DDS log is below.

I am extremely grateful for this as I am currently without use of my main PC. If anyone can help I would be greatly in their debt!

Please let me know if I can do anything else.

DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 21:58:09.33 on 19/03/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3582.879 [GMT 0:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Business Objects\MySQL5\bin\mysqld-nt.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\sia.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\CMS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\ConnectionServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\JobServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crcache.exe
C:\Program Files\Business Objects\javasdk\bin\java.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\JobServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crproc.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAAnalytics.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AADashboard.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fccache.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\JobServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\EventServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fileserver.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\JobServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fcproc.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\JobServer.exe
C:\Program Files\Business Objects\javasdk\bin\java.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fileserver.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AARepoMgt.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAMetrics.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AARules.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AADMining.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AASPC.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\JobServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\JobServer.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crystalras.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAProfiler.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAQueryMgr.exe
C:\Program Files\Business Objects\javasdk\bin\java.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\wireportserver.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fcproc.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crproc.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Windows\System32\notepad.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.co.uk
uInternet Settings,ProxyServer = wwwcache.bris.ac.uk:8080
uInternet Settings,ProxyOverride = *.local;<local>
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: TweakMASTER Component: {7daac7de-9ef0-4ff0-bfa5-aff3e899054c} - c:\progra~1\tweakm~1\TweakBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [WordWeb] "c:\program files\wordweb\wweb32.exe" -startup
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
TCP: NameServer = 93.188.164.230,93.188.166.78
TCP: {37E3ADBC-E762-449E-B213-1D9F5DC6D600} = 93.188.164.230,93.188.166.78
TCP: {7E23E857-8B0B-4952-BAD4-4827BAE7C547} = 93.188.164.230,93.188.166.78
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\pagocf12.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\pagocf12.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-1 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-4-13 1858144]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-6-23 21504]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-1 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-1 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-1 56816]
R2 BOE120MySQL;BOE120MySQL;c:\program files\business objects\mysql5\bin\mysqld-nt.exe [2008-9-26 4538368]
R2 BOE120SIAUSERPC;Server Intelligence Agent (USERPC);c:\program files\business objects\businessobjects enterprise 12.0\win32_x86\sia.exe [2008-9-26 53248]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-3-13 311568]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-12 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2008-11-18 46824]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2007-4-20 674048]
S2 gupdate1c98d6e6e3a5616;Google Update Service (gupdate1c98d6e6e3a5616);c:\program files\google\update\GoogleUpdate.exe [2009-2-13 133104]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-3-4 101248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-12-10 85504]

=============== Created Last 30 ================

2010-03-14 23:23:40 0 d-----w- C:\Autoruns
2010-03-14 21:57:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 21:57:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 21:57:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 20:51:05 77312 ----a-w- c:\windows\MBR.exe
2010-03-14 20:51:04 98816 ----a-w- c:\windows\sed.exe
2010-03-14 20:51:04 261632 ----a-w- c:\windows\PEV.exe
2010-03-14 20:51:04 161792 ----a-w- c:\windows\SWREG.exe
2010-03-14 20:50:44 0 d-s---w- C:\ComboFix
2010-03-14 20:47:20 318976 ----a-w- c:\windows\system32\CF18171.exe
2010-03-14 19:22:54 0 d-----w- c:\program files\Trend Micro
2010-03-13 12:15:13 0 d-----w- c:\programdata\PrevxCSI
2010-03-13 04:09:20 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-13 03:30:43 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-13 03:30:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-13 03:30:35 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-13 02:53:32 0 d-----w- c:\programdata\IObit
2010-03-13 02:53:08 0 d-----w- c:\program files\IObit
2010-03-13 00:53:46 318976 ----a-w- c:\windows\system32\CF26465.exe
2010-03-07 03:12:08 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-06 14:58:53 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-06 14:58:52 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-03-06 14:58:47 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-03-06 14:58:47 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-06 14:58:46 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-03-06 14:58:46 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-03-06 14:58:46 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-03-06 14:58:46 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-03-06 14:58:46 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-03-06 14:58:46 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-03-06 14:58:46 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-03-06 14:58:40 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-06 14:58:40 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-04 07:46:13 0 d-----w- c:\users\user\appdata\roaming\Birdstep Technology
2010-03-04 07:45:55 0 d-----w- c:\programdata\Birdstep Technology
2010-03-04 07:45:26 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-03-04 07:45:26 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-03-04 07:45:26 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-03-04 07:45:26 101248 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-03-04 07:45:02 71262 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2010-03-04 07:45:02 0 d-----w- c:\program files\Huawei Modems
2010-03-04 07:44:43 0 d-----w- c:\program files\3 Mobile Broadband

==================== Find3M ====================

2010-03-14 23:56:36 35560 ----a-w- c:\programdata\nvModes.dat
2010-03-04 07:45:25 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-04 07:45:25 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-04 07:45:24 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-07 21:10:47 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-10-13 03:28:54 36196 ----a-w- c:\windows\inf\perflib\041f\perfd.dat
2008-10-13 03:28:54 36196 ----a-w- c:\windows\inf\perflib\041f\perfc.dat
2008-10-13 03:28:54 281380 ----a-w- c:\windows\inf\perflib\041f\perfi.dat
2008-10-13 03:28:54 281380 ----a-w- c:\windows\inf\perflib\041f\perfh.dat
2008-09-18 05:28:10 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat
2008-09-18 05:28:10 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat
2008-09-18 05:28:10 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat
2008-09-18 05:28:10 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat
2008-07-02 14:09:52 174 --sha-w- c:\program files\desktop.ini
2008-05-10 12:52:12 36916 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
2008-05-10 12:52:12 36916 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
2008-05-10 12:52:12 290748 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
2008-05-10 12:52:12 290748 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
2008-05-10 12:13:22 40258 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat
2008-05-10 12:13:22 40258 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat
2008-05-10 12:13:22 336930 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat
2008-05-10 12:13:22 336930 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat
2008-05-10 11:02:54 43928 ----a-w- c:\windows\inf\perflib\0408\perfd.dat
2008-05-10 11:02:54 43928 ----a-w- c:\windows\inf\perflib\0408\perfc.dat
2008-05-10 11:02:54 364862 ----a-w- c:\windows\inf\perflib\0408\perfi.dat
2008-05-10 11:02:54 364862 ----a-w- c:\windows\inf\perflib\0408\perfh.dat
2008-05-10 10:24:01 36614 ----a-w- c:\windows\inf\perflib\0410\perfd.dat
2008-05-10 10:24:01 36614 ----a-w- c:\windows\inf\perflib\0410\perfc.dat
2008-05-10 10:24:01 331172 ----a-w- c:\windows\inf\perflib\0410\perfi.dat
2008-05-10 10:24:01 331172 ----a-w- c:\windows\inf\perflib\0410\perfh.dat
2008-05-10 10:05:01 39514 ----a-w- c:\windows\inf\perflib\0816\perfd.dat
2008-05-10 10:05:01 39514 ----a-w- c:\windows\inf\perflib\0816\perfc.dat
2008-05-10 10:05:01 332682 ----a-w- c:\windows\inf\perflib\0816\perfi.dat
2008-05-10 10:05:01 332682 ----a-w- c:\windows\inf\perflib\0816\perfh.dat
2008-05-10 09:08:16 34724 ----a-w- c:\windows\inf\perflib\0405\perfd.dat
2008-05-10 09:08:16 34724 ----a-w- c:\windows\inf\perflib\0405\perfc.dat
2008-05-10 09:08:16 286912 ----a-w- c:\windows\inf\perflib\0405\perfi.dat
2008-05-10 09:08:16 286912 ----a-w- c:\windows\inf\perflib\0405\perfh.dat
2008-05-10 08:37:12 30674 ----a-w- c:\windows\inf\perflib\0404\perfd.dat
2008-05-10 08:37:12 30674 ----a-w- c:\windows\inf\perflib\0404\perfc.dat
2008-05-10 08:37:12 116540 ----a-w- c:\windows\inf\perflib\0404\perfi.dat
2008-05-10 08:37:12 116540 ----a-w- c:\windows\inf\perflib\0404\perfh.dat
2008-05-10 08:05:21 30674 ----a-w- c:\windows\inf\perflib\0804\perfd.dat
2008-05-10 08:05:21 30674 ----a-w- c:\windows\inf\perflib\0804\perfc.dat
2008-05-10 08:05:21 109926 ----a-w- c:\windows\inf\perflib\0804\perfi.dat
2008-05-10 08:05:21 109926 ----a-w- c:\windows\inf\perflib\0804\perfh.dat
2008-05-10 07:13:06 41018 ----a-w- c:\windows\inf\perflib\0401\perfd.dat
2008-05-10 07:13:06 41018 ----a-w- c:\windows\inf\perflib\0401\perfc.dat
2008-05-10 07:13:06 285290 ----a-w- c:\windows\inf\perflib\0401\perfi.dat
2008-05-10 07:13:06 285290 ----a-w- c:\windows\inf\perflib\0401\perfh.dat
2008-05-10 06:30:36 35166 ----a-w- c:\windows\inf\perflib\0414\perfd.dat
2008-05-10 06:30:36 35166 ----a-w- c:\windows\inf\perflib\0414\perfc.dat
2008-05-10 06:30:36 294254 ----a-w- c:\windows\inf\perflib\0414\perfi.dat
2008-05-10 06:30:36 294254 ----a-w- c:\windows\inf\perflib\0414\perfh.dat
2008-05-10 05:39:28 38684 ----a-w- c:\windows\inf\perflib\0419\perfd.dat
2008-05-10 05:39:28 38684 ----a-w- c:\windows\inf\perflib\0419\perfc.dat
2008-05-10 05:39:28 332666 ----a-w- c:\windows\inf\perflib\0419\perfi.dat
2008-05-10 05:39:28 332666 ----a-w- c:\windows\inf\perflib\0419\perfh.dat
2008-05-10 05:02:16 47554 ----a-w- c:\windows\inf\perflib\040e\perfd.dat
2008-05-10 05:02:16 47554 ----a-w- c:\windows\inf\perflib\040e\perfc.dat
2008-05-10 05:02:16 283574 ----a-w- c:\windows\inf\perflib\040e\perfi.dat
2008-05-10 05:02:16 283574 ----a-w- c:\windows\inf\perflib\040e\perfh.dat
2008-05-10 04:37:48 35978 ----a-w- c:\windows\inf\perflib\041d\perfd.dat
2008-05-10 04:37:48 35978 ----a-w- c:\windows\inf\perflib\041d\perfc.dat
2008-05-10 04:37:48 290490 ----a-w- c:\windows\inf\perflib\041d\perfi.dat
2008-05-10 04:37:48 290490 ----a-w- c:\windows\inf\perflib\041d\perfh.dat
2008-05-10 04:23:57 41976 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2008-05-10 04:23:57 41976 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2008-05-10 04:23:57 336440 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2008-05-10 04:23:57 336440 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2008-05-10 03:59:06 37468 ----a-w- c:\windows\inf\perflib\0415\perfd.dat
2008-05-10 03:59:06 37468 ----a-w- c:\windows\inf\perflib\0415\perfc.dat
2008-05-10 03:59:06 332832 ----a-w- c:\windows\inf\perflib\0415\perfi.dat
2008-05-10 03:59:06 332832 ----a-w- c:\windows\inf\perflib\0415\perfh.dat
2008-05-10 03:43:11 30674 ----a-w- c:\windows\inf\perflib\0411\perfd.dat
2008-05-10 03:43:11 30674 ----a-w- c:\windows\inf\perflib\0411\perfc.dat
2008-05-10 03:43:11 139030 ----a-w- c:\windows\inf\perflib\0411\perfi.dat
2008-05-10 03:43:11 139030 ----a-w- c:\windows\inf\perflib\0411\perfh.dat
2008-05-10 03:29:13 37412 ----a-w- c:\windows\inf\perflib\0416\perfd.dat
2008-05-10 03:29:13 37412 ----a-w- c:\windows\inf\perflib\0416\perfc.dat
2008-05-10 03:29:13 318818 ----a-w- c:\windows\inf\perflib\0416\perfi.dat
2008-05-10 03:29:13 318818 ----a-w- c:\windows\inf\perflib\0416\perfh.dat
2008-05-10 03:16:09 30674 ----a-w- c:\windows\inf\perflib\0412\perfd.dat
2008-05-10 03:16:09 30674 ----a-w- c:\windows\inf\perflib\0412\perfc.dat
2008-05-10 03:16:09 155890 ----a-w- c:\windows\inf\perflib\0412\perfi.dat
2008-05-10 03:16:09 155890 ----a-w- c:\windows\inf\perflib\0412\perfh.dat
2008-05-10 02:46:20 31198 ----a-w- c:\windows\inf\perflib\040d\perfd.dat
2008-05-10 02:46:20 31198 ----a-w- c:\windows\inf\perflib\040d\perfc.dat
2008-05-10 02:46:20 225844 ----a-w- c:\windows\inf\perflib\040d\perfi.dat
2008-05-10 02:46:20 225844 ----a-w- c:\windows\inf\perflib\040d\perfh.dat
2008-05-10 02:29:42 36790 ----a-w- c:\windows\inf\perflib\040b\perfd.dat
2008-05-10 02:29:42 36790 ----a-w- c:\windows\inf\perflib\040b\perfc.dat
2008-05-10 02:29:42 274158 ----a-w- c:\windows\inf\perflib\040b\perfi.dat
2008-05-10 02:29:42 274158 ----a-w- c:\windows\inf\perflib\040b\perfh.dat
2009-10-18 23:14:21 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-06-10 20:24:21 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2009-06-10 20:24:21 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2007-07-11 15:27:18 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:07:31.35 ===============

#4 shaamoney

shaamoney
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 19 March 2010 - 07:37 PM

I did some scanning of the site and noticed that if GMER didn't run, it was advised that ComboFix be executed, and this is the log (after two blue screens!):

ComboFix 10-03-19.06 - User 19/03/2010 23:44:38.3.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3582.1205 [GMT 0:00]
Running from: c:\users\User\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
c:\windows\system32\Connect.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-20 00:06 . 2010-03-20 00:06 -------- d-----w- c:\users\User\AppData\Local\temp
2010-03-20 00:06 . 2010-03-20 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-19 23:35 . 2010-03-19 23:39 -------- d-----w- C:\32788R22FWJFW
2010-03-14 23:23 . 2010-03-14 23:23 -------- d-----w- C:\Autoruns
2010-03-14 21:57 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 21:57 . 2010-03-14 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 21:57 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 20:47 . 2010-03-14 20:46 318976 ----a-w- c:\windows\system32\CF18171.exe
2010-03-14 19:22 . 2010-03-14 19:22 -------- d-----w- c:\program files\Trend Micro
2010-03-13 12:15 . 2010-03-13 12:15 -------- d-----w- c:\programdata\PrevxCSI
2010-03-13 04:09 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-13 03:30 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-13 03:30 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-13 03:30 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-13 02:53 . 2010-03-13 02:53 -------- d-----w- c:\programdata\IObit
2010-03-13 02:53 . 2010-03-13 02:53 -------- d-----w- c:\program files\IObit
2010-03-13 00:53 . 2010-03-13 00:53 318976 ----a-w- c:\windows\system32\CF26465.exe
2010-03-07 03:12 . 2010-03-07 03:12 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-06 14:58 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-06 14:58 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-03-06 14:58 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-06 14:58 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-03-06 14:58 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-03-06 14:58 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-03-06 14:58 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-03-06 14:58 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-03-06 14:58 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-03-06 14:58 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-03-06 14:58 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-03-06 14:58 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-06 14:58 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-04 07:46 . 2010-03-04 07:46 -------- d-----w- c:\users\User\AppData\Roaming\Birdstep Technology
2010-03-04 07:45 . 2010-03-04 07:46 -------- d-----w- c:\programdata\Birdstep Technology
2010-03-04 07:45 . 2009-09-10 12:55 102912 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-03-04 07:45 . 2009-07-24 13:51 101248 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2010-03-04 07:45 . 2009-06-22 18:01 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-03-04 07:45 . 2007-08-09 02:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-03-04 07:45 . 2010-03-04 07:45 -------- d-----w- c:\program files\Huawei Modems
2010-03-04 07:45 . 2010-03-04 07:45 71262 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2010-03-04 07:44 . 2010-03-04 07:44 -------- d-----w- c:\program files\3 Mobile Broadband

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 23:24 . 2009-11-17 20:23 -------- d-----w- c:\program files\Steam
2010-03-19 23:23 . 2008-05-09 17:54 -------- d-----w- c:\programdata\NVIDIA
2010-03-19 23:23 . 2009-12-10 22:27 35560 ----a-w- c:\programdata\nvModes.dat
2010-03-19 23:22 . 2009-12-16 18:58 -------- d-----w- c:\program files\Common Files\Akamai
2010-03-18 23:23 . 2008-10-02 00:46 -------- d-----w- c:\programdata\Google Updater
2010-03-15 07:31 . 2009-02-12 21:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-14 22:17 . 2008-05-08 01:31 1356 ----a-w- c:\users\User\AppData\Local\d3d9caps.dat
2010-03-14 20:56 . 2009-06-03 19:42 -------- d-----w- c:\users\User\AppData\Roaming\Spotify
2010-03-13 04:11 . 2008-05-11 00:14 -------- d-----w- c:\programdata\Microsoft Help
2010-03-13 02:59 . 2009-04-13 23:28 -------- d-----w- c:\program files\a-squared Free
2010-03-13 01:57 . 2008-05-10 05:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-13 00:33 . 2008-05-12 03:54 -------- d-----w- c:\users\User\AppData\Roaming\Skype
2010-03-13 00:01 . 2008-11-13 22:40 -------- d-----w- c:\users\User\AppData\Roaming\skypePM
2010-03-12 21:53 . 2009-11-17 20:23 -------- d-----w- c:\program files\Common Files\Steam
2010-03-07 03:33 . 2008-05-10 00:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-06 15:15 . 2008-10-02 00:46 -------- d-----w- c:\program files\Google
2010-03-04 07:44 . 2008-05-10 01:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 09:16 . 2009-10-02 19:43 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-31 23:10 . 2008-05-08 01:32 160536 ----a-w- c:\users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-23 09:26 . 2010-03-06 14:59 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-02 06:38 . 2010-03-06 14:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-06 14:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-03-06 14:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-03-06 14:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-07-11 15:27 . 2006-11-22 14:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-10 17:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-19 02:14 133104 ----atw- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 04:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 16:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 13:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 08:45 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar Shuffle]
2008-04-17 00:28 818176 ----a-w- c:\program files\Taskbar Shuffle\taskbarshuffle.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-05-09 17:37 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakMASTER]
2006-11-27 14:25 283168 ----a-w- c:\program files\TweakMASTER\TMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-01-29 22:11 52392 ----a-w- c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"Intuit SyncManager"=c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"boinctray"="c:\program files\BOINC\boinctray.exe"
"CTCheck"=c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):59,b4,3f,e0,96,47,ca,01

R2 BOE120MySQL;BOE120MySQL;c:\program files\Business Objects\MySQL5\bin\mysqld-nt.exe BOE120MySQL [x]
R2 gupdate1c98d6e6e3a5616;Google Update Service (gupdate1c98d6e6e3a5616);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 133104]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-07-24 101248]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-08 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-09 74480]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2009-10-06 1858144]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
S2 BOE120SIAUSERPC;Server Intelligence Agent (USERPC);c:\program files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\sia.exe [2008-09-26 53248]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-12-24 311568]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232]
S2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2009-11-13 46824]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-08-22 13:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 16:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-19 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-09-18 10:08]

2010-03-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-02 12:38]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 00:02]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 00:02]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1553740332-3321730226-973910935-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-19 02:14]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1553740332-3321730226-973910935-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-19 02:14]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{7B6E1FD6-ED76-419D-ACF3-0809DCEC34F0}.job
- c:\windows\system32\msfeedssync.exe [2010-03-06 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.co.uk
uInternet Settings,ProxyServer = wwwcache.bris.ac.uk:8080
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pagocf12.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pagocf12.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-TOY5KNQ8OC - c:\users\User\AppData\Local\Temp\Ehh.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 00:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x8795D8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x833cad24
\Driver\ACPI -> acpi.sys @ 0x80692d68
\Driver\atapi -> atapi.sys @ 0x807979b0
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1553740332-3321730226-973910935-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3FD2CBEE-9ADB-F08A-C7D5-BC3179213754}*]
"iapmicahhpmcjkmgcn"=hex:62,61,6d,63,00,f1

[HKEY_USERS\S-1-5-21-1553740332-3321730226-973910935-1000\Software\SecuROM\License information*]
"datasecu"=hex:d3,2d,ab,e0,f9,eb,8b,28,47,af,f8,48,dd,f2,66,5a,6f,eb,7f,39,d6,
28,74,b8,18,dc,83,57,21,f9,bf,1c,da,6b,eb,d2,ef,71,b2,d6,02,e1,81,8c,86,17,\
"rkeysecu"=hex:f1,29,cc,6d,9a,cf,2f,87,c6,22,f8,28,32,33,03,8b

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-20 00:22:04
ComboFix-quarantined-files.txt 2010-03-20 00:21
ComboFix2.txt 2009-02-12 21:38

Pre-Run: 17,552,752,640 bytes free
Post-Run: 17,377,452,032 bytes free

- - End Of File - - FA74A0BDF6C9C20EEBBD75029D4B29A5


#5 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:56 AM

Posted 21 March 2010 - 09:38 AM

Hello, shaamoney
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



Please navigate to C:\Qoobox and post back with the content of Combofix2.txt.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#6 shaamoney

shaamoney
  • Topic Starter

  • Members
  • 49 posts
  • Local time:03:56 AM

Posted 22 March 2010 - 07:26 PM

Hi Tom,

Thank you kindly for your offer of help.

I have done as you instructed - please find the below log.


ComboFix 09-02-11.02 - User 2009-02-12 21:09:19.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.1111 [GMT 0:00]
Running from: c:\users\User\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.

2009-02-12 04:33 . 2009-02-12 20:47 <DIR> d-------- C:\MGtools
2009-02-12 04:33 . 2009-02-12 20:47 148,417 --a------ C:\MGlogs.zip
2009-02-12 04:27 . 2009-02-12 04:28 1,337,212 --a------ C:\MGtools.exe
2009-02-12 04:15 . 2009-02-12 04:15 108 --a------ C:\index.ini
2009-02-12 03:48 . 2009-02-12 17:39 <DIR> d-------- c:\program files\a-squared Anti-Malware
2009-02-12 03:33 . 2009-02-12 03:33 <DIR> d-------- c:\users\User\AppData\Roaming\Malwarebytes
2009-02-12 03:33 . 2009-02-12 03:33 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-12 03:33 . 2009-02-12 03:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-12 03:33 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-12 03:33 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-12 02:51 . 2009-02-12 02:51 <DIR> d-------- c:\programdata\Sports Interactive
2009-02-12 02:32 . 2009-02-12 02:32 <DIR> d--h----- c:\users\User\InstallAnywhere
2009-02-12 02:32 . 2009-02-12 02:40 <DIR> d--h----- c:\program files\Zero G Registry
2009-02-12 02:32 . 2009-02-12 02:32 <DIR> d-------- c:\program files\Sports Interactive
2009-02-12 02:30 . 2009-02-12 02:51 <DIR> d-------- c:\users\User\AppData\Roaming\Sports Interactive
2009-02-11 17:44 . 2009-01-15 03:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 17:44 . 2009-01-15 06:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-11 17:07 . 2009-02-11 17:07 <DIR> d-------- c:\program files\SupCom
2009-02-09 00:44 . 2009-02-09 00:44 <DIR> d-------- c:\users\User\AppData\Roaming\OpenOffice.org
2009-02-09 00:36 . 2009-02-09 00:36 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-09 00:36 . 2009-02-09 00:36 <DIR> d-------- c:\program files\JRE
2009-02-07 02:01 . 2009-02-07 04:06 <DIR> d-------- c:\users\User\AppData\Roaming\Red Alert 3
2009-02-07 02:00 . 2009-02-07 02:00 <DIR> dr-h----- c:\users\User\AppData\Roaming\SecuROM
2009-02-03 01:42 . 2009-02-03 01:42 <DIR> d--h----- c:\windows\PIF
2009-02-01 13:26 . 2009-02-06 20:59 <DIR> d-------- c:\programdata\Electronic Arts
2009-02-01 13:17 . 2009-02-01 13:17 3,616 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-01-18 02:51 . 2009-01-18 02:53 <DIR> d-------- c:\users\User\AppData\Roaming\ooVoo Details
2009-01-18 02:51 . 2009-01-18 02:51 <DIR> d-------- c:\program files\ooVoo
2009-01-14 03:02 . 2008-12-16 02:42 288,768 --a------ c:\windows\System32\drivers\srv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 21:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-12 21:00 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-12 15:37 --------- d-----w c:\programdata\Google Updater
2009-02-12 03:16 --------- d-----w c:\programdata\Microsoft Help
2009-02-10 03:44 --------- d-----w c:\program files\DivX
2009-02-09 00:51 --------- d-----w c:\users\User\AppData\Roaming\Skype
2009-02-09 00:05 --------- d-----w c:\users\User\AppData\Roaming\skypePM
2009-02-07 02:00 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2009-02-03 17:25 --------- d-----w c:\program files\HP
2009-02-01 13:26 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 13:26 --------- d-----w c:\program files\Electronic Arts
2009-01-29 12:59 --------- d-----w c:\users\User\AppData\Roaming\FileZilla
2009-01-20 19:00 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-01-20 19:00 --------- d-----w c:\program files\Java
2009-01-18 16:22 202,000 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-18 16:22 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-18 03:59 --------- d-----w c:\program files\FileZilla FTP Client
2009-01-11 15:47 --------- d-----w c:\programdata\Creative
2009-01-11 06:29 --------- d-----w c:\program files\FLV Player
2009-01-11 05:21 --------- d-----w c:\program files\Creative
2009-01-11 05:20 --------- d-----w c:\program files\Audible
2009-01-11 05:19 --------- d--h--w c:\program files\Creative Installation Information
2009-01-11 05:17 --------- d-----w c:\program files\Common Files\Creative
2009-01-10 07:56 --------- d-----w c:\users\User\AppData\Roaming\LimeWire
2009-01-10 06:29 --------- d-----w c:\program files\ABC Amber BlackBerry Converter
2009-01-10 06:07 --------- d-----w c:\users\User\AppData\Roaming\Roxio
2009-01-07 14:13 --------- d-----w c:\program files\Bonjour
2009-01-05 21:51 --------- d-----w c:\program files\LimeWire
2009-01-05 20:26 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-01-05 20:26 249,856 ------w c:\windows\Setup1.exe
2009-01-05 20:26 --------- d-----w c:\program files\Stardock
2009-01-05 20:26 --------- d-----w c:\program files\Karen's Alarm Clock
2009-01-05 20:26 --------- d-----w c:\program files\Common Files\Stardock
2009-01-05 20:25 --------- d-----w c:\program files\CountDown
2009-01-05 20:02 --------- d-----w c:\users\User\AppData\Roaming\NesterSoft
2009-01-05 20:02 --------- d-----w c:\program files\TimeLeft3
2009-01-05 00:21 --------- d-----w c:\program files\Astro Gemini Software
2009-01-05 00:19 --------- d-----w c:\users\User\AppData\Roaming\TERMINAL Studio
2008-12-20 21:14 682,280 ----a-w c:\windows\System32\pbsvc.exe
2008-12-20 21:14 22,328 ----a-w c:\users\User\AppData\Roaming\PnkBstrK.sys
2008-12-20 20:51 --------- d-----w c:\program files\Activision
2008-12-20 20:47 --------- d-----w c:\programdata\BOINC
2008-12-15 19:30 --------- d-----w c:\program files\BOINC
2008-12-15 03:43 --------- d-----w c:\program files\Mario Forever
2008-12-15 02:59 --------- d-----w c:\users\User\AppData\Roaming\Turbine
2008-12-12 11:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 11:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-11-17 08:47 492,288 ----a-w c:\windows\boinc.scr
2008-07-02 14:09 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-20 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]

c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
"Intuit SyncManager"=c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"boinctray"="c:\program files\BOINC\boinctray.exe"
"CTCheck"=c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"a-squared"="c:\program files\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D83DB6F5-B434-4CB5-9EBA-7F81A94E76C1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{51B9B3D4-0652-49DB-BEB2-8A9EDFC87C79}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D19FFDD0-0931-425E-83F9-0FA16CC0D7BB}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6CD4BB66-9CAD-4EE6-AF2A-E129F1041C94}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DF675C51-B86A-4AE3-9E81-6DE98805F5F0}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{334E8453-C11C-49AE-8816-208537D86F3D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0567CF8E-A81F-4F4B-915A-F6D981258DAF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{B20C9EE4-F2D3-4949-BC59-178DB130062C}c:\\program files\\invasion interactive ltd\\rising eagle\\bin\\win32\\risingeagle.exe"= UDP:c:\program files\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe:RisingEagle
"UDP Query User{43AE7EE0-B7C4-4531-9B2E-B42A2970EC7E}c:\\program files\\invasion interactive ltd\\rising eagle\\bin\\win32\\risingeagle.exe"= TCP:c:\program files\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe:RisingEagle
"{995B067F-E067-4BFD-9827-1F2B894F6BE6}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{38D25B2F-930E-4469-B62D-50C160DBD230}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{B4EE6713-C79E-4B53-906F-FD08EB16A13A}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{B816FEBE-AF52-4457-AA88-3B8545BBD4A7}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{9EFEC8A2-54BB-4077-BB01-6105751E378F}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C873B180-7421-456F-9661-F9D5641974B4}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{45735B00-D6A6-406A-93F8-B765540FBC2A}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{DAAFF45E-3A61-41B1-A15D-58392B47B757}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{D7B7FDDE-2FF5-424D-8C1C-2596DBA2D977}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{CC7A365D-B484-4C32-AF69-9898CD3B37A8}c:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:c:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"{7940B19E-1F1B-45AE-A07D-145467D502B6}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{9722FCF9-5E63-4CB7-9B83-9B42DEF2D0CC}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{2455B124-25AE-4097-937D-D1613548913E}c:\\program files\\coffeecup software\\coffee.exe"= UDP:c:\program files\coffeecup software\coffee.exe:CoffeeCup HTML Editor
"UDP Query User{C5F0A869-6506-4A33-B462-2C2FE799547A}c:\\program files\\coffeecup software\\coffee.exe"= TCP:c:\program files\coffeecup software\coffee.exe:CoffeeCup HTML Editor
"TCP Query User{9CB905A2-06ED-4F2B-9772-F3F64ABF1D87}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{25B833A7-2C83-4EB5-A8FB-7BB9310D56C3}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{93D9598D-BFAA-4722-8164-2D9A6B9145C3}"= UDP:c:\users\User\Desktop\wowclient-downloader.exe:Blizzard Downloader
"{0B0FC51B-7733-4BEB-A875-7F202667FA3E}"= TCP:c:\users\User\Desktop\wowclient-downloader.exe:Blizzard Downloader
"{112FB39E-DE23-489B-A629-864A74E0B55D}"= UDP:3724:Blizzard Downloader: 3724
"{25EE66D3-8F41-43EB-A341-26BF6E07812F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{35193899-8CC7-4054-8405-22D5EF74F281}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"{27B90494-AEFF-477A-92FD-72DE0BFBC10D}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID
"{36669A33-3000-41F3-8B27-596167121117}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{C5AD38F3-DBF2-4063-BB84-3BE86352CFEA}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{47ABC7E6-D7F9-434F-A3C9-7E9068EC2D2E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EA22FE1E-63F8-4C74-889D-8F4F06BD56A1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{0C221D2E-7DAC-4478-AE1B-31C8A4B6F08D}c:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{B5BBCA0D-CBEE-4380-96E9-01EB14E79E88}c:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient
"{8D5E4C04-1326-4E6B-A0BE-9DC57FC2810E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{1D30390E-71AA-40A4-9EAA-B0EE6D541919}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{61E31C5C-6E31-478C-AC56-545C3D0B494D}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{AF165468-4FF8-4A1E-BEA4-C96F57EC85CF}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{4244F792-9E63-4745-92DE-95FB441106EE}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{62BBBB38-5EE3-479F-A700-41FC92840290}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War™
"{AB25F308-BCAB-4EC3-B3D8-7D738CB20503}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{2F796AD1-B621-406C-B3E2-13DB636795F1}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War™
"{9EED5883-8FE0-41ED-A968-6243366982BF}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DB944E04-8040-494F-8EA6-8C9E4C4AB6BD}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{EC6EBB0B-4590-400A-BDF4-A69C918CD2E7}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{370D4B85-DA67-4FAD-ADDD-8CD6E63C2F8C}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
"{C4AD8CC8-C949-4991-BC1A-6115FAD00883}"= Disabled:UDP:443:ooVoo TCP port 443
"{72353941-4A8A-41DF-816E-A1B8AC62D9B7}"= Disabled:TCP:443:ooVoo UDP port 443
"{B9550F80-510A-4ADA-B332-4B645324DC1E}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{FF03C70D-8751-48A1-929F-9578ADB93251}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{1CC752A3-2FC4-4970-9D50-FA0B37DF7A11}"= Disabled:TCP:37675:ooVoo UDP port 37675
"TCP Query User{680570F7-3249-4FE0-805D-2F64F8F9E0E4}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{97E0C993-2999-4DA0-A800-B88797B38C98}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{03359AAA-E2FB-47AF-A65E-4F3C9B68D14A}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{6CE879BB-B1F2-4AD6-B8F3-BCC39FA8E9EF}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009

R2 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2008-11-18 39936]
R3 3xHybrid;3xHybrid service;c:\windows\System32\drivers\3xHybrid.sys [2007-04-20 674048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0910c59b-1c9d-11dd-bfcd-806e6f6e6963}]
\shell\AutoRun\command - D:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
%SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 10:08]

2009-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1553740332-3321730226-973910935-1000.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-19 02:14]

2009-02-12 c:\windows\Tasks\User_Feed_Synchronization-{7B6E1FD6-ED76-419D-ACF3-0809DCEC34F0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 07:33]
.
- - - - ORPHANS REMOVED - - - -

BHO-{AE90C38C-97CF-4696-B290-C7973DC9675E} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
Toolbar-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = hxxp://wwwcache.bris.ac.uk:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pagocf12.default\
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\User\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 21:16:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-12 21:38:24
ComboFix-quarantined-files.txt 2009-02-12 21:38:21

Pre-Run: 54,278,078,464 bytes free
Post-Run: 54,264,299,520 bytes free

270 --- E O F --- 2009-02-12 03:20:28


#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:56 AM

Posted 23 March 2010 - 01:40 PM

Hi,

  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#8 shaamoney

shaamoney
  • Topic Starter

  • Members
  • 49 posts
  • Local time:03:56 AM

Posted 23 March 2010 - 08:15 PM

OTL logfile created on: 23/03/2010 20:52:10 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\User\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 16.16 Gb Free Space | 3.47% Space Free | Partition Type: NTFS
Drive D: | 3.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/23 20:51:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/03/12 20:03:55 | 000,332,720 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2010/03/08 06:52:48 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/01/13 10:21:22 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/02 04:56:14 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/11/20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/13 18:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/10/06 16:56:34 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/08/06 00:17:24 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/10 20:26:02 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/25 02:40:48 | 000,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Business Objects\javasdk\bin\java.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/26 14:39:08 | 001,658,880 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\WIReportServer.exe
PRC - [2008/09/26 14:33:08 | 004,694,016 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fcproc.exe
PRC - [2008/09/26 14:33:08 | 004,694,016 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fccache.exe
PRC - [2008/09/26 14:33:08 | 004,694,016 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crproc.exe
PRC - [2008/09/26 14:33:08 | 004,694,016 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crcache.exe
PRC - [2008/09/26 14:32:28 | 000,831,488 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\JobServer.exe
PRC - [2008/09/26 14:32:22 | 000,770,048 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fileserver.exe
PRC - [2008/09/26 14:32:08 | 000,827,392 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\EventServer.exe
PRC - [2008/09/26 14:31:54 | 001,978,368 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\CMS.exe
PRC - [2008/09/26 14:23:44 | 000,053,248 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\sia.exe
PRC - [2008/09/26 14:17:08 | 001,040,384 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AASPC.exe
PRC - [2008/09/26 14:17:06 | 004,685,824 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAAnalytics.exe
PRC - [2008/09/26 14:17:06 | 003,571,712 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AARepoMgt.exe
PRC - [2008/09/26 14:17:06 | 003,076,096 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAQueryMgr.exe
PRC - [2008/09/26 14:17:06 | 002,031,616 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AARules.exe
PRC - [2008/09/26 14:17:04 | 001,667,072 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AADMining.exe
PRC - [2008/09/26 14:17:04 | 001,449,984 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AADashboard.exe
PRC - [2008/09/26 14:17:04 | 001,040,384 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAProfiler.exe
PRC - [2008/09/26 14:17:04 | 000,983,040 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAMetrics.exe
PRC - [2008/09/26 13:58:54 | 000,381,440 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crystalras.exe
PRC - [2008/09/26 13:56:42 | 001,676,000 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\ConnectionServer.exe
PRC - [2006/10/31 21:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/23 20:51:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/12 20:03:55 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/12 19:58:59 | 002,462,256 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3648.dll -- (Akamai)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/12/16 19:39:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/13 18:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/10/06 16:56:34 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/08/06 00:17:24 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/26 09:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/06/10 20:26:02 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/26 14:26:04 | 004,538,368 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Business Objects\MySQL5\bin\mysqld-nt.exe -- (BOE120MySQL)
SRV - [2008/09/26 14:23:44 | 000,053,248 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\sia.exe -- (BOE120SIAUSERPC) Server Intelligence Agent (USERPC)
SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/31 21:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwcache.bris.ac.uk:8080

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.04
FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1
FF - prefs.js..extensions.enabledItems: {5C5F7695-9DEB-41a3-ADDE-948C7555AEC1}:0.1.6
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: statusbar@toodledo.com:1.60
FF - prefs.js..network.proxy.autoconfig_url: "http://wwwcache.bris.ac.uk/autoconfig"
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 10:22:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 02:18:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/02 19:02:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/01/04 23:22:28 | 000,000,000 | ---D | M]

[2009/06/20 02:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/06/20 02:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/03/20 20:41:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions
[2009/12/20 10:48:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/13 03:48:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/16 04:20:57 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/07/04 00:21:42 | 000,000,000 | ---D | M] (MyBristol Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{5C5F7695-9DEB-41a3-ADDE-948C7555AEC1}
[2009/01/26 09:13:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/05 14:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/05/18 16:37:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/11/05 14:29:51 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/05/22 19:47:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\iaplayer@instantaction.com
[2009/08/02 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\statusbar@toodledo.com
[2008/05/11 16:44:49 | 000,000,891 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\pagocf12.default\searchplugins\dictionarycom.xml
[2009/05/20 23:39:03 | 000,000,945 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\pagocf12.default\searchplugins\youtube-video-search.xml
[2010/03/20 20:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/04 17:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/08/17 21:00:37 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/17 21:00:39 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/17 21:00:39 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/17 21:00:39 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/13 12:03:24 | 000,365,820 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12614 more lines...
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (TweakMASTER Component) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Program Files\TweakMASTER\TweakBHO.dll (Hagel Technologies Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...ivex-latest.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/14 23:23:45 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2009/10/07 20:14:39 | 000,000,035 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/02 13:53:38 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/23 20:51:17 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/03/20 00:22:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/20 00:22:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2010/03/19 23:35:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/19 23:35:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/14 23:23:40 | 000,000,000 | ---D | C] -- C:\Autoruns
[2010/03/14 21:57:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/14 21:57:45 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/14 21:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 20:51:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/14 20:51:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/14 19:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/13 12:15:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI
[2010/03/13 02:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/03/13 02:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

========== Files - Modified Within 14 Days ==========

[2010/03/23 20:53:56 | 009,175,040 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010/03/23 20:52:15 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B6E1FD6-ED76-419D-ACF3-0809DCEC34F0}.job
[2010/03/23 20:51:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/03/23 20:12:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1553740332-3321730226-973910935-1000UA.job
[2010/03/23 20:03:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/23 19:23:38 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/23 19:23:38 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/23 12:40:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/23 04:22:56 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1553740332-3321730226-973910935-1000Core.job
[2010/03/23 03:03:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/20 00:06:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/19 23:34:09 | 000,000,537 | ---- | M] () -- C:\Users\User\Desktop\ComboFix - Shortcut.lnk
[2010/03/19 23:23:02 | 000,035,560 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/19 23:23:01 | 000,035,560 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/19 23:22:42 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/03/19 23:22:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/19 23:22:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/19 23:22:23 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/19 22:18:18 | 000,284,915 | ---- | M] () -- C:\Users\User\Desktop\gmer.zip
[2010/03/19 22:17:33 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2010/03/19 21:53:58 | 000,000,126 | ---- | M] () -- C:\Users\User\Desktop\c_cziYoC.htm.part.htm
[2010/03/19 21:53:34 | 000,525,824 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2010/03/14 23:54:49 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/03/14 23:54:49 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/03/14 23:19:25 | 000,000,036 | ---- | M] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2010/03/14 23:16:20 | 000,675,162 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2010/03/14 23:16:20 | 000,658,944 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010/03/14 23:16:20 | 000,605,384 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2010/03/14 23:16:20 | 000,347,082 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010/03/14 23:16:20 | 000,336,080 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/03/14 23:16:20 | 000,137,534 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2010/03/14 23:16:20 | 000,131,634 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010/03/14 23:16:20 | 000,109,820 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010/03/14 23:16:20 | 000,109,814 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/03/14 23:16:19 | 000,681,978 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/03/14 23:16:19 | 000,678,476 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/03/14 23:16:19 | 000,678,428 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010/03/14 23:16:19 | 000,669,214 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010/03/14 23:16:19 | 000,613,056 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2010/03/14 23:16:19 | 000,467,400 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010/03/14 23:16:19 | 000,406,762 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2010/03/14 23:16:19 | 000,393,478 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/03/14 23:16:19 | 000,136,990 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010/03/14 23:16:19 | 000,135,926 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/03/14 23:16:19 | 000,135,138 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010/03/14 23:16:19 | 000,126,552 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2010/03/14 23:16:19 | 000,124,836 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2010/03/14 23:16:19 | 000,109,982 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/03/14 23:16:19 | 000,109,750 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2010/03/14 23:16:19 | 000,085,478 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010/03/14 23:16:18 | 000,678,972 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/03/14 23:16:18 | 000,633,416 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/03/14 23:16:18 | 000,621,560 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2010/03/14 23:16:18 | 000,614,328 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010/03/14 23:16:18 | 000,611,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/14 23:16:18 | 000,570,632 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2010/03/14 23:16:18 | 000,531,280 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/14 23:16:18 | 000,451,290 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2010/03/14 23:16:18 | 000,373,326 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010/03/14 23:16:18 | 000,151,480 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2010/03/14 23:16:18 | 000,137,970 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/03/14 23:16:18 | 000,131,860 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/03/14 23:16:18 | 000,129,520 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/03/14 23:16:18 | 000,109,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/14 23:16:18 | 000,098,586 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2010/03/14 23:16:18 | 000,090,380 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2010/03/14 23:16:18 | 000,090,104 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/14 23:16:18 | 000,077,326 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2010/03/14 23:16:17 | 014,992,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/14 23:16:17 | 000,454,540 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2010/03/14 23:16:17 | 000,124,532 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010/03/14 23:16:17 | 000,087,130 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2010/03/14 22:17:32 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010/03/14 21:57:54 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 20:40:44 | 000,000,162 | -H-- | M] () -- C:\Users\User\Desktop\~$iruses.docx
[2010/03/14 19:34:08 | 000,162,785 | ---- | M] () -- C:\Users\User\Desktop\Viruses.docx
[2010/03/14 19:23:11 | 000,001,834 | ---- | M] () -- C:\Users\User\Desktop\HijackThis.lnk
[2010/03/13 12:03:24 | 000,365,820 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/03/13 00:26:30 | 000,000,418 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/03/12 23:44:44 | 000,102,956 | ---- | M] () -- C:\Users\User\Desktop\Sky internet.jpg
[2010/03/12 23:09:35 | 000,206,848 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/12 22:12:12 | 000,000,165 | -H-- | M] () -- C:\Users\User\Desktop\~$Montgomery Letter Ledger.xlsx
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe

========== Files Created - No Company Name ==========

[2010/03/19 23:34:09 | 000,000,537 | ---- | C] () -- C:\Users\User\Desktop\ComboFix - Shortcut.lnk
[2010/03/19 22:58:53 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/19 22:22:21 | 000,293,376 | ---- | C] () -- C:\Users\User\Desktop\gmer.exe
[2010/03/19 22:18:18 | 000,284,915 | ---- | C] () -- C:\Users\User\Desktop\gmer.zip
[2010/03/19 22:17:32 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2010/03/19 21:53:56 | 000,000,126 | ---- | C] () -- C:\Users\User\Desktop\c_cziYoC.htm.part.htm
[2010/03/19 21:53:31 | 000,525,824 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2010/03/14 23:19:25 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2010/03/14 21:57:54 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 20:51:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/14 20:51:04 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/14 20:51:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/14 20:51:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/14 20:51:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/14 20:40:44 | 000,000,162 | -H-- | C] () -- C:\Users\User\Desktop\~$iruses.docx
[2010/03/14 19:23:11 | 000,001,834 | ---- | C] () -- C:\Users\User\Desktop\HijackThis.lnk
[2010/03/13 14:31:35 | 000,162,785 | ---- | C] () -- C:\Users\User\Desktop\Viruses.docx
[2010/03/12 23:44:44 | 000,102,956 | ---- | C] () -- C:\Users\User\Desktop\Sky internet.jpg
[2010/03/12 22:12:12 | 000,000,165 | -H-- | C] () -- C:\Users\User\Desktop\~$Montgomery Letter Ledger.xlsx
[2010/01/11 15:56:36 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm
[2009/12/10 23:11:11 | 000,035,560 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/10 22:27:17 | 000,035,560 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/15 00:01:24 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/10/07 13:16:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/13 04:30:36 | 000,000,714 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/08/01 00:36:51 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/01 00:36:50 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/07/30 01:12:33 | 000,010,391 | ---- | C] () -- C:\Users\User\AppData\Roaming\Comma Separated Values (Windows).TSK
[2009/05/09 17:42:12 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/03/05 05:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/12 22:26:30 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/15 03:48:17 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2008/11/25 02:38:16 | 000,000,586 | ---- | C] () -- C:\Windows\Calendar.INI
[2008/11/20 13:53:48 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/11/20 13:22:23 | 000,002,885 | ---- | C] () -- C:\Users\User\AppData\Roaming\xobni_install.log
[2008/10/27 22:22:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/27 21:58:08 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/09/23 11:59:54 | 000,038,429 | ---- | C] () -- C:\Users\User\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/09/21 16:16:24 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/09/19 04:09:33 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/06/23 21:17:32 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/05/18 00:58:35 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2008/05/17 00:55:58 | 000,138,576 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/05/17 00:55:57 | 000,022,328 | ---- | C] () -- C:\Users\User\AppData\Roaming\PnkBstrK.sys
[2008/05/14 16:36:14 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/05/10 22:39:58 | 000,012,685 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/05/10 17:56:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/05/10 01:42:04 | 000,206,848 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/10 01:35:07 | 000,001,328 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2008/05/09 18:08:28 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI
[2008/05/08 01:31:59 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2007/01/12 22:50:00 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2006/12/05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 12:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/04/28 15:34:24 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2008/11/03 05:10:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Astro Gemini Software
[2010/03/04 07:46:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Birdstep Technology
[2008/10/28 04:16:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Blackberry Desktop
[2008/11/20 18:06:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\desksware
[2009/12/03 07:16:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2009/08/21 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreshDiagnose
[2009/05/22 19:49:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GarageGames
[2008/09/18 03:32:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft
[2009/12/03 03:59:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2009/08/13 03:26:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2009/11/21 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LimeWire
[2009/09/17 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Multi Edit Software
[2009/01/05 20:02:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NesterSoft
[2009/01/18 02:53:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ooVoo Details
[2009/02/09 00:44:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2008/05/10 01:37:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Peak Multimedia
[2009/02/07 04:06:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Red Alert 3
[2008/10/28 04:13:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Research In Motion
[2008/10/27 22:48:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2008/06/17 01:25:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecondLife
[2009/12/19 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sports Interactive
[2010/03/14 20:56:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2009/12/10 20:52:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2009/01/05 00:19:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TERMINAL Studio
[2008/06/03 03:36:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2008/12/15 02:59:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Turbine
[2009/12/04 17:18:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/03/19 23:22:42 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/03/14 23:25:18 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/23 20:52:15 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B6E1FD6-ED76-419D-ACF3-0809DCEC34F0}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/02/12 04:28:12 | 001,337,212 | ---- | M] () -- C:\MGtools.exe


< MD5 for: AGP440.SYS >
[2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006/11/22 14:58:10 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2006/11/22 14:58:10 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2006/11/22 14:58:10 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/05/09 18:52:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/05/09 18:52:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/05/09 18:52:56 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 09:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 07:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 07:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 07:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 07:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 09:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

__________________________________________________

OTL Extras logfile created on: 23/03/2010 20:52:10 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\User\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free
7.00 Gb Paging File | 4.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 16.16 Gb Free Space | 3.47% Space Free | Partition Type: NTFS
Drive D: | 3.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1121BC74-BD47-4329-A10B-79007C6B5C7A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{112FB39E-DE23-489B-A629-864A74E0B55D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{1E4EFE9D-EA91-4E26-85B7-C7F7E66FB0AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E8F77DC-CC7C-4758-AE27-3ED667335197}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36A56892-40E1-47F5-8E00-F23134F992BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{36E3E07D-8A11-4448-8354-A799D33BD8CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52B7DD79-37B4-4FA6-8D04-BA9545CA0D5F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{650CFBEB-9C5F-4686-86C5-FE4B76AC0B1B}" = lport=50459 | protocol=6 | dir=in | name=akamai netsession interface |
"{74F71E86-5610-47E9-9586-EB81802D77F2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{832F5450-85CE-4F21-89F3-284E30C09B58}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{97904AB9-675C-40D5-AAB5-798377759585}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97C00ACF-8673-4249-B515-80EDD6176068}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D88F22F-EE31-45CF-B42F-45165051ADFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C30E060C-EFF0-435E-8D7B-24AE5E0FC85B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D19FFDD0-0931-425E-83F9-0FA16CC0D7BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E42BA16D-A6C0-4AAE-90C9-601DDA451F4B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024AE424-2199-447B-833C-64F97CDEC438}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{0567CF8E-A81F-4F4B-915A-F6D981258DAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A835039-8F51-4A97-92FD-9FE06EF48788}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{0B0FC51B-7733-4BEB-A875-7F202667FA3E}" = protocol=17 | dir=in | app=c:\users\user\desktop\wowclient-downloader.exe |
"{1114660D-84B0-4651-A066-2931C81A015D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{16FBFB3C-3831-4BDC-B9CE-568E63E136D2}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{1B9BEC01-D2B3-4749-9757-D7237C0D2600}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D30390E-71AA-40A4-9EAA-B0EE6D541919}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1E420F6C-2070-40F7-97EF-A5F5920BA058}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{21AB7FCE-93A3-44BA-B88B-999DA834C05B}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{27B90494-AEFF-477A-92FD-72DE0BFBC10D}" = protocol=17 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"{334E8453-C11C-49AE-8816-208537D86F3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{35193899-8CC7-4054-8405-22D5EF74F281}" = protocol=6 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"{38D25B2F-930E-4469-B62D-50C160DBD230}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{38E2F60B-0882-4DE8-A377-2FDFD4BE31F3}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{45735B00-D6A6-406A-93F8-B765540FBC2A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{48B0DF66-C52A-478C-83C0-07E8DC9A5D9E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4B752D66-24BB-479D-A4CC-39F2A1141104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{4B8E4C37-D6E4-410A-836F-86575B3AEC1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51B9B3D4-0652-49DB-BEB2-8A9EDFC87C79}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5715FA14-9F81-47EF-9FC4-946E417F44E0}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{58271871-3700-415F-954C-1FED5068D4AC}" = protocol=6 | dir=in | app=c:\program files\a-squared free\a2free.exe |
"{5B3BFDEF-1148-4AB6-A475-D99B500CB610}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{61E31C5C-6E31-478C-AC56-545C3D0B494D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{67EC8262-B740-4B3D-BE4B-F2877B8481BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6A16071F-384D-453D-A477-6FC59937163F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{6CD4BB66-9CAD-4EE6-AF2A-E129F1041C94}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7088E480-BA55-455F-B7E2-064E94E2951D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7519A03A-0E53-46FF-8118-3C96EB47759A}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{7940B19E-1F1B-45AE-A07D-145467D502B6}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{7A65C99F-9BF3-43E9-8499-F5DF1339B119}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{8524BB3E-AE8C-4C1D-847F-43CD9A1F16D4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89E02C7F-7F57-482F-9086-F7990CDCB539}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{8D5E4C04-1326-4E6B-A0BE-9DC57FC2810E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9115A615-4A2D-4024-849C-858C5AED6E0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93D9598D-BFAA-4722-8164-2D9A6B9145C3}" = protocol=6 | dir=in | app=c:\users\user\desktop\wowclient-downloader.exe |
"{9722FCF9-5E63-4CB7-9B83-9B42DEF2D0CC}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{995B067F-E067-4BFD-9827-1F2B894F6BE6}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{9EED5883-8FE0-41ED-A968-6243366982BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EFEC8A2-54BB-4077-BB01-6105751E378F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A4BFEA00-807E-42CD-B989-42567B0D4867}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{AF165468-4FF8-4A1E-BEA4-C96F57EC85CF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{AF524C10-FAE9-4C4C-B45A-EAAEBEE858F8}" = protocol=17 | dir=in | app=c:\program files\a-squared free\a2free.exe |
"{B4EE6713-C79E-4B53-906F-FD08EB16A13A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{B816FEBE-AF52-4457-AA88-3B8545BBD4A7}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{BACA60FB-3845-4751-A55D-EFA4C02BB3B9}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{C166886C-EDE5-4D03-8536-E1C3738CCB3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C589137A-6496-4209-8930-8D0A3CA4472C}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{C7DA4217-BDEE-4D40-BDB4-DE3BBFA2CEC0}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{C873B180-7421-456F-9661-F9D5641974B4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{C8E7C569-0998-463C-9B1D-0E6504205B71}" = protocol=17 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{C982808A-B552-4E7B-9B2C-42C65E133670}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{CB094FBC-2942-4632-BC4C-927BE00809DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{D3E01EFE-A6D9-4296-884A-59BBBB79ED13}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D850DA2C-5A55-4A62-983B-D92AA5E562A5}" = protocol=17 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{D9B5CF07-1375-46FC-9D2B-47456CBA1C2C}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{DAAFF45E-3A61-41B1-A15D-58392B47B757}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{DB944E04-8040-494F-8EA6-8C9E4C4AB6BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC033DDC-3A44-4A41-ACF1-C4C2A3CC7780}" = protocol=6 | dir=in | app=c:\program files\superantispyware\superantispyware.exe |
"{DF675BFE-76BB-4BF8-AFE5-41D22903A223}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF675C51-B86A-4AE3-9E81-6DE98805F5F0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E4DE7EB0-CD0B-4568-B18C-5B36BF3F75B4}" = protocol=6 | dir=out | app=system |
"{E67DFED5-5A21-421B-9363-DA4CCEE36B88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E796E778-E06B-4745-AD4C-F5B7845A092C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F1F7E91D-A950-4FE9-9AD9-B696091ADCCD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F763F464-B254-4595-80EE-020C03B3ACAE}" = protocol=6 | dir=in | app=c:\program files\thq\frontlines-fuel of war\binaries\ffow.exe |
"{F7C816FD-ACB2-48E5-8BF3-07D63C5ED987}" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{F8FAF5A6-2238-4503-B603-70DC34D78738}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{FC9D56AE-70F5-464D-A9E1-E92E3A429800}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{FF4A8620-4D97-4CDD-A5DF-310723CF4BF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0C221D2E-7DAC-4478-AE1B-31C8A4B6F08D}C:\program files\codemasters\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\the lord of the rings online\lotroclient.exe |
"TCP Query User{117F38C2-B2F1-467F-A713-00BEE27C453C}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{13BBA167-6F6B-4AA4-A08A-C87EE53689D4}C:\program files\business objects\businessobjects enterprise 12.0\win32_x86\cms.exe" = protocol=6 | dir=in | app=c:\program files\business objects\businessobjects enterprise 12.0\win32_x86\cms.exe |
"TCP Query User{2455B124-25AE-4097-937D-D1613548913E}C:\program files\coffeecup software\coffee.exe" = protocol=6 | dir=in | app=c:\program files\coffeecup software\coffee.exe |
"TCP Query User{3CFA24D8-74CD-4CA7-9426-1B51494C6ECB}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe |
"TCP Query User{5DEE32B8-EB95-409B-A5CA-3AAE0DD2F4DB}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{63070D0A-4EE6-4E45-BB5D-23B60BF5D9A8}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{680570F7-3249-4FE0-805D-2F64F8F9E0E4}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{78BA8644-9FE9-4EDB-8698-70485274A505}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{7F3D9578-4633-49EC-9864-42AD5C7E2930}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{9CB905A2-06ED-4F2B-9772-F3F64ABF1D87}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{A748BE0C-1713-41C5-9F58-533FA2128394}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A8F7DA1B-DBD3-4ACB-8EAC-EECFE8CD6B4A}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=6 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"TCP Query User{B20C9EE4-F2D3-4949-BC59-178DB130062C}C:\program files\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe" = protocol=6 | dir=in | app=c:\program files\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe |
"TCP Query User{D7B7FDDE-2FF5-424D-8C1C-2596DBA2D977}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"TCP Query User{EC6EBB0B-4590-400A-BDF4-A69C918CD2E7}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{EE88ED13-6CA4-41F4-A3F9-F35BC04C5BDA}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{08297EF6-1425-4563-89EA-A6D6B9DE44F8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1BE949AE-64AC-4F5E-98C8-3BFE63DB942D}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe |
"UDP Query User{25B833A7-2C83-4EB5-A8FB-7BB9310D56C3}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{293D534F-CB80-41E6-87BC-C5438D6BB4C5}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{370D4B85-DA67-4FAD-ADDD-8CD6E63C2F8C}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{43AE7EE0-B7C4-4531-9B2E-B42A2970EC7E}C:\program files\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe" = protocol=17 | dir=in | app=c:\program files\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe |
"UDP Query User{4EFE3825-CFA4-4000-99B7-1BBE1E79F1D0}C:\program files\business objects\businessobjects enterprise 12.0\win32_x86\cms.exe" = protocol=17 | dir=in | app=c:\program files\business objects\businessobjects enterprise 12.0\win32_x86\cms.exe |
"UDP Query User{6A71E46D-139A-4A81-9360-737BB80780D5}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{83B9DDAA-31AF-4D9A-BD9E-8FACB6670F4B}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{97E0C993-2999-4DA0-A800-B88797B38C98}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{AE7F1245-AC47-41D8-A087-7A53ACCEF106}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B5BBCA0D-CBEE-4380-96E9-01EB14E79E88}C:\program files\codemasters\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\the lord of the rings online\lotroclient.exe |
"UDP Query User{C5F0A869-6506-4A33-B462-2C2FE799547A}C:\program files\coffeecup software\coffee.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\coffee.exe |
"UDP Query User{CC7A365D-B484-4C32-AF69-9898CD3B37A8}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{E39D9974-83B0-465B-813D-C1A39D5C0A6B}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{E847BBA0-C513-4261-8E59-A7CA85F5CC62}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=17 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"UDP Query User{EAB5A7B8-8C28-498E-AB56-392D19AC6BB2}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07417369-6446-4AAB-A622-51244186CBCF}" = America's Army Server Manager
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{25EEC359-8639-4528-83F4-A5AC2DAD3B35}" = BiblePro
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2008B2-9C81-4122-BE3F-688B55FA55C5}" = Microsoft Report Viewer Redistributable 2005
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F864F5-1A85-4E69-8764-C7E4EABD8BA0}" = Peak DVB-T Hybrid Utilities
"{4A11948E-8521-43B8-BBBD-5C24B804F0A3}" = Samsung PC Studio 3
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5418F914-1D31-4849-822C-314AC28B06BF}" = BusinessObjects Edge Series 3.1
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6088158A-5523-423E-BC38-F12C390EFD7A}_is1" = Windows Automation Macro Recorder 1.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AE9A059-6372-435D-A5FE-0568A3B67F19}" = HyperMediaCenter
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83E5FE05-31F4-FA91-BB29-3D987008BA49}" = TweetDeck
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8702416E-5CFD-4D48-9674-F0ED6AAC13BF}" = Serif WebPlus 7.0
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A10F7877-4276-416C-9F22-CB56C0CB2700}" = Medieval - Total War - Gold Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A88A583F-C329-4D7B-AEC4-FF391AA83797}" = Xcelsius 2008
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1B88D34-BC32-4F88-96F4-39CA6B579AC0}" = Global Trading System Pro
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCFACF6D-86EC-4DB6-820B-F4916EB6B1CE}" = Rising Eagle
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D2A697A7-D95C-43C1-8A8D-647FC7186A15}" = WinEcon 7.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D740DD9E-F1A1-11D7-8756-00036D1A98A9}" = Weather Exchange
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E7394983-3869-46F4-A117-EB148F104D79}" = World Community Grid - BOINC for Windows
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}" = Microsoft WorldWide Telescope
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Akamai" = Akamai NetSession Interface
"a-squared Free_is1" = a-squared Free 4.5
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"FastStone Image Viewer" = FastStone Image Viewer 3.6
"FLV Player" = FLV Player 2.0 (build 25)
"Football Manager 2010" = Football Manager 2010
"ForecastX Wizard (Book Version) V6.0a" = ForecastX Wizard (Book Version) V6.0a
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"GIMPshop" = GIMPshop 2.2.8
"Glary Utilities_is1" = Glary Utilities 2.6.1
"Google Updater" = Google Updater
"Graph_is1" = Graph 4.3
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HTMLKit_is1" = HTML-Kit
"Huawei Modems" = Huawei modem
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"IObit Security 360_is1" = IObit Security 360
"IrfanView" = IrfanView (remove only)
"Kivi's Underworld Demo_is1" = Kivi's Underworld Demo 1.002
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 5.3.6
"LogoSmartz 5.0 Trial" = LogoSmartz 5.0 Trial
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mario Forever" = Mario Forever 4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14)
"Multi-Edit Lite for SAS 2008 (v11.04.00)" = Multi-Edit Lite for SAS 2008 (v11.04.00)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ObjectDock" = ObjectDock
"OpenAL" = OpenAL
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"PictureGear 4.1Lite" = PictureGear 4.1Lite
"ProcessScanner_is1" = Uniblue ProcessScanner
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Rise And Fall" = Rise And Fall (remove only)
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SecondLife" = SecondLife (remove only)
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Spotify" = Spotify
"ST6UNST #1" = Grau Software CountDown 8.01
"ST6UNST #2" = Karen's Alarm Clock
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TIMELEFT3_is1" = TimeLeft
"TridentSoftwareRapid-Pi_is1" = Rapid-Pi 2.01
"TVP3XDrv" = Peak DVB-T Hybrid BDA Driver
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"twkmastr1_is1" = TweakMASTER
"ULTIMATER" = Microsoft Office Ultimate 2007
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VirtualCloneDrive" = VirtualCloneDrive
"WebCEO70_is1" = Web CEO 8.0
"WinGimp-2.0_is1" = Gimp 2.6.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"Xfire" = Xfire (remove only)
"XobniMain" = Xobni
"XpertVision_is1" = XpertVision 6.1
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:56 AM

Posted 25 March 2010 - 12:48 PM

Hi,

Did you set this proxy?

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwcache.bris.ac.uk:8080



  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#10 shaamoney

shaamoney
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 27 March 2010 - 10:14 AM

One problem I encountered was that it restarted after the scan. I am unsure how this will affect the analysis you are performing. My apologies if this was an error.


15:01:43:852 1020 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
15:01:43:852 1020 ================================================================================
15:01:43:852 1020 SystemInfo:

15:01:43:852 1020 OS Version: 6.0.6002 ServicePack: 2.0
15:01:43:852 1020 Product type: Workstation
15:01:43:852 1020 ComputerName: USER-PC
15:01:43:852 1020 UserName: User
15:01:43:852 1020 Windows directory: C:\Windows
15:01:43:852 1020 Processor architecture: Intel x86
15:01:43:852 1020 Number of processors: 4
15:01:43:852 1020 Page size: 0x1000
15:01:43:852 1020 Boot type: Normal boot
15:01:43:852 1020 ================================================================================
15:01:43:852 1020 UnloadDriverW: NtUnloadDriver error 2
15:01:43:852 1020 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
15:01:45:755 1020 wfopen_ex: Trying to open file C:\Windows\system32\config\system
15:01:45:755 1020 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:01:45:755 1020 wfopen_ex: Trying to KLMD file open
15:01:45:755 1020 wfopen_ex: File opened ok (Flags 2)
15:01:45:771 1020 wfopen_ex: Trying to open file C:\Windows\system32\config\software
15:01:45:771 1020 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
15:01:45:771 1020 wfopen_ex: Trying to KLMD file open
15:01:45:771 1020 wfopen_ex: File opened ok (Flags 2)
15:01:45:771 1020 Initialize success
15:01:45:771 1020
15:01:45:771 1020 Scanning Services ...
15:01:47:034 1020 Raw services enum returned 486 services
15:01:47:050 1020
15:01:47:050 1020 Scanning Kernel memory ...
15:01:47:050 1020 Devices to scan: 1
15:01:47:050 1020
15:01:47:050 1020 Driver Name: atapi
15:01:47:050 1020 IRP_MJ_CREATE : 807979B0
15:01:47:050 1020 IRP_MJ_CREATE_NAMED_PIPE : 807979B0
15:01:47:050 1020 IRP_MJ_CLOSE : 807979B0
15:01:47:050 1020 IRP_MJ_READ : 807979B0
15:01:47:050 1020 IRP_MJ_WRITE : 807979B0
15:01:47:050 1020 IRP_MJ_QUERY_INFORMATION : 807979B0
15:01:47:050 1020 IRP_MJ_SET_INFORMATION : 807979B0
15:01:47:050 1020 IRP_MJ_QUERY_EA : 807979B0
15:01:47:050 1020 IRP_MJ_SET_EA : 807979B0
15:01:47:050 1020 IRP_MJ_FLUSH_BUFFERS : 807979B0
15:01:47:050 1020 IRP_MJ_QUERY_VOLUME_INFORMATION : 807979B0
15:01:47:050 1020 IRP_MJ_SET_VOLUME_INFORMATION : 807979B0
15:01:47:050 1020 IRP_MJ_DIRECTORY_CONTROL : 807979B0
15:01:47:050 1020 IRP_MJ_FILE_SYSTEM_CONTROL : 807979B0
15:01:47:050 1020 IRP_MJ_DEVICE_CONTROL : 807979B0
15:01:47:050 1020 IRP_MJ_INTERNAL_DEVICE_CONTROL : 807979B0
15:01:47:050 1020 IRP_MJ_SHUTDOWN : 807979B0
15:01:47:050 1020 IRP_MJ_LOCK_CONTROL : 807979B0
15:01:47:050 1020 IRP_MJ_CLEANUP : 807979B0
15:01:47:050 1020 IRP_MJ_CREATE_MAILSLOT : 807979B0
15:01:47:050 1020 IRP_MJ_QUERY_SECURITY : 807979B0
15:01:47:050 1020 IRP_MJ_SET_SECURITY : 807979B0
15:01:47:050 1020 IRP_MJ_POWER : 807979B0
15:01:47:050 1020 IRP_MJ_SYSTEM_CONTROL : 807979B0
15:01:47:050 1020 IRP_MJ_DEVICE_CHANGE : 807979B0
15:01:47:050 1020 IRP_MJ_QUERY_QUOTA : 807979B0
15:01:47:050 1020 IRP_MJ_SET_QUOTA : 807979B0
15:01:47:050 1020 Driver "atapi" infected by TDSS rootkit!
15:01:47:066 1020 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
15:01:47:066 1020 File "C:\Windows\system32\drivers\atapi.sys" infected by TDSS rootkit ...
15:01:47:066 1020 Processing driver file: C:\Windows\system32\drivers\atapi.sys
15:01:54:257 1020 vfvi6
15:01:54:351 1020 dsvbh1
15:01:58:672 1020 fdfb1
15:01:58:672 1020 Backup copy found, using it..
15:01:58:703 1020 will be cured on next reboot
15:01:58:703 1020 Reboot required for cure complete..
15:01:58:750 1020 Cure on reboot scheduled successfully
15:01:58:750 1020
15:01:58:750 1020 Completed
15:01:58:750 1020
15:01:58:750 1020 Results:
15:01:58:750 1020 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
15:01:58:750 1020 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:01:58:750 1020 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:01:58:750 1020
15:01:58:750 1020 fclose_ex: Trying to close file C:\Windows\system32\config\system
15:01:58:750 1020 fclose_ex: Trying to close file C:\Windows\system32\config\software
15:01:58:750 1020 UnloadDriverW: NtUnloadDriver error 1
15:01:58:750 1020 KLMD(ARK) unloaded successfully
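A small triage helper for the TDSSKiller run schrauber asked for above and the log posted in reply. This is an added example, not code from the thread or from the tool itself: it parses a constructed, abridged copy of that log (the `disk` driver and every handler address other than atapi's are made up for contrast), applies a uniform-dispatch-table heuristic of our own next to the tool's own verdict lines, and reads the Results block so a helper can see that the cure still depends on a reboot.

```python
"""Triage helper for a TDSSKiller log (added example; not the thread's or the tool's code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample, abridged from the log format shown in the thread. The
# "disk" driver and its handler addresses are invented to give a clean contrast.
SAMPLE_LOG = r"""
15:01:43:852 1020 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
15:01:47:050 1020
15:01:47:050 1020 Driver Name: atapi
15:01:47:050 1020 IRP_MJ_CREATE : 807979B0
15:01:47:050 1020 IRP_MJ_CLOSE : 807979B0
15:01:47:050 1020 IRP_MJ_READ : 807979B0
15:01:47:050 1020 IRP_MJ_WRITE : 807979B0
15:01:47:050 1020 Driver "atapi" infected by TDSS rootkit!
15:01:47:066 1020 C:\Windows\system32\drivers\atapi.sys - Verdict: 1
15:01:47:066 1020 File "C:\Windows\system32\drivers\atapi.sys" infected by TDSS rootkit ...
15:01:47:070 1020 Driver Name: disk
15:01:47:070 1020 IRP_MJ_CREATE : 8A6A1000
15:01:47:070 1020 IRP_MJ_CLOSE : 8A6A1000
15:01:47:070 1020 IRP_MJ_READ : 8A6A2B40
15:01:47:070 1020 IRP_MJ_WRITE : 8A6A2B40
15:01:58:703 1020 will be cured on next reboot
15:01:58:750 1020 Results:
15:01:58:750 1020 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
15:01:58:750 1020 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:01:58:750 1020 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s?(.*)$")  # "HH:MM:SS:mmm PID msg"
DRIVER_RE = re.compile(r"^Driver Name: (\S+)$")
IRP_RE = re.compile(r"^(IRP_MJ_\w+)\s*:\s*([0-9A-Fa-f]+)$")
FLAG_RE = re.compile(r'^Driver "(\S+)" infected by (.+?)!$')
VERDICT_RE = re.compile(r"^(.+?) - Verdict: (\d+)$")
RESULT_RE = re.compile(r"^(\w+) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$")


@dataclass
class Driver:
    name: str
    irp: Dict[str, str] = field(default_factory=dict)  # IRP_MJ_* -> handler address
    tool_flag: Optional[str] = None                    # verdict text printed by the tool

    def uniform_dispatch(self) -> bool:
        # Our own heuristic, not the tool's: every listed IRP_MJ handler shares one
        # address, the pattern the hooked atapi driver shows in the thread.
        return len(self.irp) > 1 and len(set(self.irp.values())) == 1


@dataclass
class Report:
    drivers: Dict[str, Driver] = field(default_factory=dict)
    verdicts: Dict[str, int] = field(default_factory=dict)  # file path -> verdict code
    results: Dict[str, Tuple[int, int, int]] = field(default_factory=dict)
    reboot_pending: bool = False


def parse_log(text: str) -> Report:
    """Walk the log line by line, tracking which driver block we are inside."""
    report = Report()
    current: Optional[Driver] = None
    for raw in text.splitlines():
        pm = PREFIX_RE.match(raw)
        if not pm:
            continue  # not a log line (blank or unexpected)
        msg = pm.group(1).strip()
        if m := DRIVER_RE.match(msg):
            current = report.drivers.setdefault(m.group(1), Driver(m.group(1)))
        elif (m := IRP_RE.match(msg)) and current is not None:
            current.irp[m.group(1)] = m.group(2).upper()
        elif m := FLAG_RE.match(msg):
            report.drivers.setdefault(m.group(1), Driver(m.group(1))).tool_flag = m.group(2)
        elif m := VERDICT_RE.match(msg):
            report.verdicts[m.group(1)] = int(m.group(2))  # non-zero treated as flagged (assumption)
        elif m := RESULT_RE.match(msg):
            report.results[m.group(1)] = tuple(int(x) for x in m.groups()[1:])
        elif "cured on next reboot" in msg or "Reboot required" in msg:
            report.reboot_pending = True
    return report


def triage(text: str) -> List[str]:
    """Findings a helper would want before deciding whether the cure is complete."""
    rep = parse_log(text)
    out: List[str] = []
    for d in rep.drivers.values():
        if d.tool_flag:
            out.append(f"{d.name}: tool verdict '{d.tool_flag}'")
        elif d.uniform_dispatch():
            out.append(f"{d.name}: all {len(d.irp)} IRP_MJ handlers at {next(iter(d.irp.values()))}, review")
    out += [f"{path}: verdict {code}" for path, code in rep.verdicts.items() if code != 0]
    if rep.reboot_pending:
        out.append("reboot required before the cure is complete")
    for cat, (infected, cured, on_reboot) in rep.results.items():
        if infected > cured + on_reboot:  # counters leave an object neither cured nor scheduled
            out.append(f"{cat}: {infected - cured - on_reboot} object(s) not marked cured, re-scan after reboot")
    return out
```

Run `triage(SAMPLE_LOG)` to get the findings list; on the sample it reports the atapi verdict, the file verdict, the pending reboot and the memory object the counters leave uncured.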


#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:56 AM

Posted 27 March 2010 - 10:17 AM

Hi,

Looks good, please open OTL and set the extra registry tab to use safe list, post back with the 2 logfiles. How is your system running?

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#12 shaamoney

shaamoney
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 27 March 2010 - 12:49 PM

Hi Schrauber,

System seems fine, but I am not 100% (paranoia I think!)

Do you want me to run OTL with the same custom scan?

netsvcs
%SYSTEMDRIVE%\*.exe
safebootminimal
safebootnetwork
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s

Do you want me to click "Run Scan" or "Quick Scan"?

#13 shaamoney

shaamoney
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:03:56 AM

Posted 27 March 2010 - 12:56 PM

Results of Quick Scan

OTL logfile created on: 27/03/2010 17:47:41 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\User\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 16.43 Gb Free Space | 3.53% Space Free | Partition Type: NTFS
Drive D: | 3.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/27 15:08:48 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/23 20:51:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010/01/28 21:22:16 | 003,427,160 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360.exe
PRC - [2009/12/24 17:02:32 | 001,280,272 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360tray.exe
PRC - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/11/20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/13 18:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/10/06 16:56:34 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/08/06 00:17:24 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/10 20:26:02 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/25 02:40:48 | 000,049,248 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Business Objects\javasdk\bin\java.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/09/26 14:39:08 | 001,658,880 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\WIReportServer.exe
PRC - [2008/09/26 14:33:08 | 004,694,016 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fcproc.exe
PRC - [2008/09/26 14:33:08 | 004,694,016 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fccache.exe
PRC - [2008/09/26 14:33:08 | 004,694,016 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crproc.exe
PRC - [2008/09/26 14:33:08 | 004,694,016 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crcache.exe
PRC - [2008/09/26 14:32:28 | 000,831,488 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\JobServer.exe
PRC - [2008/09/26 14:32:22 | 000,770,048 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\fileserver.exe
PRC - [2008/09/26 14:32:08 | 000,827,392 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\EventServer.exe
PRC - [2008/09/26 14:31:54 | 001,978,368 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\CMS.exe
PRC - [2008/09/26 14:26:04 | 004,538,368 | ---- | M] () -- C:\Program Files\Business Objects\MySQL5\bin\mysqld-nt.exe
PRC - [2008/09/26 14:23:44 | 000,053,248 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\sia.exe
PRC - [2008/09/26 14:17:08 | 001,040,384 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AASPC.exe
PRC - [2008/09/26 14:17:06 | 004,685,824 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAAnalytics.exe
PRC - [2008/09/26 14:17:06 | 003,571,712 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AARepoMgt.exe
PRC - [2008/09/26 14:17:06 | 003,076,096 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAQueryMgr.exe
PRC - [2008/09/26 14:17:06 | 002,031,616 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AARules.exe
PRC - [2008/09/26 14:17:04 | 001,667,072 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AADMining.exe
PRC - [2008/09/26 14:17:04 | 001,449,984 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AADashboard.exe
PRC - [2008/09/26 14:17:04 | 001,040,384 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAProfiler.exe
PRC - [2008/09/26 14:17:04 | 000,983,040 | ---- | M] (Business Objects Americas) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\AAMetrics.exe
PRC - [2008/09/26 13:58:54 | 000,381,440 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\crystalras.exe
PRC - [2008/09/26 13:56:42 | 001,676,000 | ---- | M] (Business Objects) -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\ConnectionServer.exe
PRC - [2006/10/31 21:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe


========== Modules (SafeList) ==========

MOD - [2010/03/23 20:51:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/12 20:03:55 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/12 19:58:59 | 002,462,256 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3648.dll -- (Akamai)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/12/16 19:39:02 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/20 19:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/11/13 18:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/10/06 16:56:34 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/08/06 00:17:24 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/26 09:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/06/10 20:26:02 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/09/26 14:26:04 | 004,538,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Business Objects\MySQL5\bin\mysqld-nt.exe -- (BOE120MySQL)
SRV - [2008/09/26 14:23:44 | 000,053,248 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\win32_x86\sia.exe -- (BOE120SIAUSERPC) Server Intelligence Agent (USERPC)
SRV - [2008/09/10 22:37:36 | 000,024,576 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/31 21:40:16 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwcache.bris.ac.uk:8080

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.04
FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1
FF - prefs.js..extensions.enabledItems: {5C5F7695-9DEB-41a3-ADDE-948C7555AEC1}:0.1.6
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - prefs.js..extensions.enabledItems: statusbar@toodledo.com:1.60
FF - prefs.js..network.proxy.autoconfig_url: "http://wwwcache.bris.ac.uk/autoconfig"
FF - prefs.js..network.proxy.type: 2


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/27 15:09:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/27 15:09:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/02 19:02:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/01/04 23:22:28 | 000,000,000 | ---D | M]

[2009/06/20 02:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009/06/20 02:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/03/20 20:41:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions
[2009/12/20 10:48:00 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/08/13 03:48:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/16 04:20:57 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/07/04 00:21:42 | 000,000,000 | ---D | M] (MyBristol Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{5C5F7695-9DEB-41a3-ADDE-948C7555AEC1}
[2009/01/26 09:13:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/05 14:29:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/05/18 16:37:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/11/05 14:29:51 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/05/22 19:47:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\iaplayer@instantaction.com
[2009/08/02 21:15:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pagocf12.default\extensions\statusbar@toodledo.com
[2008/05/11 16:44:49 | 000,000,891 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\pagocf12.default\searchplugins\dictionarycom.xml
[2009/05/20 23:39:03 | 000,000,945 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\FireFox\Profiles\pagocf12.default\searchplugins\youtube-video-search.xml
[2010/03/20 20:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/02/04 17:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/08/17 21:00:37 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/17 21:00:39 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/17 21:00:39 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/17 21:00:39 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/13 12:03:24 | 000,365,820 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12614 more lines...
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (TweakMASTER Component) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\Program Files\TweakMASTER\TweakBHO.dll (Hagel Technologies Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...ivex-latest.cab (DownloadManager Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/14 23:23:45 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2009/10/07 20:14:39 | 000,000,035 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/27 15:01:16 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Users\User\Desktop\TDSSKiller.exe
[2010/03/23 20:51:17 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/03/20 00:22:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/03/20 00:22:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\temp
[2010/03/19 23:35:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/03/19 23:35:30 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/03/14 23:23:40 | 000,000,000 | ---D | C] -- C:\Autoruns
[2010/03/14 21:57:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/14 21:57:45 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/14 21:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/14 20:51:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/03/14 20:51:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/03/14 19:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

========== Files - Modified Within 14 Days ==========

[2010/03/27 17:51:44 | 009,175,040 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010/03/27 17:39:44 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B6E1FD6-ED76-419D-ACF3-0809DCEC34F0}.job
[2010/03/27 17:12:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1553740332-3321730226-973910935-1000UA.job
[2010/03/27 17:05:38 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 17:05:38 | 000,004,176 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/27 17:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/27 15:09:56 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/27 15:05:59 | 000,035,560 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/27 15:05:58 | 000,035,560 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/27 15:05:48 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/27 15:05:48 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/03/27 15:05:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/27 15:05:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/27 15:04:58 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/27 15:02:33 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms
[2010/03/27 15:02:33 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf
[2010/03/27 15:02:31 | 004,068,055 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010/03/27 04:12:00 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1553740332-3321730226-973910935-1000Core.job
[2010/03/24 07:58:48 | 014,992,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/24 07:58:48 | 000,681,978 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010/03/24 07:58:48 | 000,678,972 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/03/24 07:58:48 | 000,678,476 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010/03/24 07:58:48 | 000,678,428 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2010/03/24 07:58:48 | 000,675,162 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2010/03/24 07:58:48 | 000,669,214 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010/03/24 07:58:48 | 000,658,944 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010/03/24 07:58:48 | 000,633,416 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/03/24 07:58:48 | 000,621,560 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2010/03/24 07:58:48 | 000,614,328 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010/03/24 07:58:48 | 000,613,056 | ---- | M] () -- C:\Windows\System32\perfh01D.dat
[2010/03/24 07:58:48 | 000,611,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/24 07:58:48 | 000,605,384 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2010/03/24 07:58:48 | 000,570,632 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2010/03/24 07:58:48 | 000,531,280 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/03/24 07:58:48 | 000,467,400 | ---- | M] () -- C:\Windows\System32\perfh014.dat
[2010/03/24 07:58:48 | 000,454,540 | ---- | M] () -- C:\Windows\System32\perfh001.dat
[2010/03/24 07:58:48 | 000,451,290 | ---- | M] () -- C:\Windows\System32\perfh00B.dat
[2010/03/24 07:58:48 | 000,406,762 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2010/03/24 07:58:48 | 000,393,478 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/03/24 07:58:48 | 000,373,326 | ---- | M] () -- C:\Windows\System32\perfh00D.dat
[2010/03/24 07:58:48 | 000,347,082 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2010/03/24 07:58:48 | 000,336,080 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2010/03/24 07:58:48 | 000,151,480 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2010/03/24 07:58:48 | 000,137,970 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/03/24 07:58:48 | 000,137,534 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2010/03/24 07:58:48 | 000,136,990 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2010/03/24 07:58:48 | 000,135,926 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010/03/24 07:58:48 | 000,135,138 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010/03/24 07:58:48 | 000,131,860 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/03/24 07:58:48 | 000,131,634 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010/03/24 07:58:48 | 000,129,520 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010/03/24 07:58:48 | 000,126,552 | ---- | M] () -- C:\Windows\System32\perfc01D.dat
[2010/03/24 07:58:48 | 000,124,836 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2010/03/24 07:58:48 | 000,124,532 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010/03/24 07:58:48 | 000,109,982 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/03/24 07:58:48 | 000,109,982 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/24 07:58:48 | 000,109,820 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2010/03/24 07:58:48 | 000,109,814 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2010/03/24 07:58:48 | 000,109,750 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2010/03/24 07:58:48 | 000,098,586 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2010/03/24 07:58:48 | 000,090,380 | ---- | M] () -- C:\Windows\System32\perfc00B.dat
[2010/03/24 07:58:48 | 000,090,104 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/03/24 07:58:48 | 000,087,130 | ---- | M] () -- C:\Windows\System32\perfc001.dat
[2010/03/24 07:58:48 | 000,085,478 | ---- | M] () -- C:\Windows\System32\perfc014.dat
[2010/03/24 07:58:48 | 000,077,326 | ---- | M] () -- C:\Windows\System32\perfc00D.dat
[2010/03/23 20:51:19 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Users\User\Desktop\TDSSKiller.exe
[2010/03/20 00:06:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/03/19 23:34:09 | 000,000,537 | ---- | M] () -- C:\Users\User\Desktop\ComboFix - Shortcut.lnk
[2010/03/19 22:18:18 | 000,284,915 | ---- | M] () -- C:\Users\User\Desktop\gmer.zip
[2010/03/19 22:17:33 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2010/03/19 21:53:58 | 000,000,126 | ---- | M] () -- C:\Users\User\Desktop\c_cziYoC.htm.part.htm
[2010/03/19 21:53:34 | 000,525,824 | ---- | M] () -- C:\Users\User\Desktop\dds.scr
[2010/03/14 23:19:25 | 000,000,036 | ---- | M] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2010/03/14 22:17:32 | 000,001,356 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010/03/14 21:57:54 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 20:40:44 | 000,000,162 | -H-- | M] () -- C:\Users\User\Desktop\~$iruses.docx
[2010/03/14 19:34:08 | 000,162,785 | ---- | M] () -- C:\Users\User\Desktop\Viruses.docx
[2010/03/14 19:23:11 | 000,001,834 | ---- | M] () -- C:\Users\User\Desktop\HijackThis.lnk

========== Files Created - No Company Name ==========

[2010/03/19 23:34:09 | 000,000,537 | ---- | C] () -- C:\Users\User\Desktop\ComboFix - Shortcut.lnk
[2010/03/19 22:58:53 | 3756,515,328 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/19 22:22:21 | 000,293,376 | ---- | C] () -- C:\Users\User\Desktop\gmer.exe
[2010/03/19 22:18:18 | 000,284,915 | ---- | C] () -- C:\Users\User\Desktop\gmer.zip
[2010/03/19 22:17:32 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2010/03/19 21:53:56 | 000,000,126 | ---- | C] () -- C:\Users\User\Desktop\c_cziYoC.htm.part.htm
[2010/03/19 21:53:31 | 000,525,824 | ---- | C] () -- C:\Users\User\Desktop\dds.scr
[2010/03/14 23:19:25 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2010/03/14 21:57:54 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/14 20:51:05 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/03/14 20:51:04 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/03/14 20:51:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/03/14 20:51:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/03/14 20:51:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/03/14 20:40:44 | 000,000,162 | -H-- | C] () -- C:\Users\User\Desktop\~$iruses.docx
[2010/03/14 19:23:11 | 000,001,834 | ---- | C] () -- C:\Users\User\Desktop\HijackThis.lnk
[2010/01/11 15:56:36 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm
[2009/12/10 23:11:11 | 000,035,560 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/10 22:27:17 | 000,035,560 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/15 00:01:24 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/10/07 13:16:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/13 04:30:36 | 000,000,714 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/08/01 00:36:51 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/08/01 00:36:50 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/07/30 01:12:33 | 000,010,391 | ---- | C] () -- C:\Users\User\AppData\Roaming\Comma Separated Values (Windows).TSK
[2009/05/09 17:42:12 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/03/05 05:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/12 22:26:30 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/15 03:48:17 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2008/11/25 02:38:16 | 000,000,586 | ---- | C] () -- C:\Windows\Calendar.INI
[2008/11/20 13:53:48 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/11/20 13:22:23 | 000,002,885 | ---- | C] () -- C:\Users\User\AppData\Roaming\xobni_install.log
[2008/10/27 22:22:13 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/27 21:58:08 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008/09/23 11:59:54 | 000,038,429 | ---- | C] () -- C:\Users\User\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/09/21 16:16:24 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2008/09/19 04:09:33 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/06/23 21:17:32 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/05/18 00:58:35 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat
[2008/05/17 00:55:58 | 000,138,576 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/05/17 00:55:57 | 000,022,328 | ---- | C] () -- C:\Users\User\AppData\Roaming\PnkBstrK.sys
[2008/05/14 16:36:14 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008/05/10 22:39:58 | 000,012,685 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/05/10 17:56:58 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008/05/10 01:42:04 | 000,206,848 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/10 01:35:07 | 000,001,328 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2008/05/09 18:08:28 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI
[2008/05/08 01:31:59 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2007/01/12 22:50:00 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2006/12/05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 12:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/04/28 15:34:24 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2008/11/03 05:10:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Astro Gemini Software
[2010/03/04 07:46:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Birdstep Technology
[2008/10/28 04:16:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Blackberry Desktop
[2008/11/20 18:06:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\desksware
[2009/12/03 07:16:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2009/08/21 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreshDiagnose
[2009/05/22 19:49:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GarageGames
[2008/09/18 03:32:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GlarySoft
[2009/12/03 03:59:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2009/08/13 03:26:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\IrfanView
[2009/11/21 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LimeWire
[2009/09/17 22:23:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Multi Edit Software
[2009/01/05 20:02:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NesterSoft
[2009/01/18 02:53:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ooVoo Details
[2009/02/09 00:44:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2008/05/10 01:37:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Peak Multimedia
[2009/02/07 04:06:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Red Alert 3
[2008/10/28 04:13:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Research In Motion
[2008/10/27 22:48:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2008/06/17 01:25:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SecondLife
[2009/12/19 21:03:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sports Interactive
[2010/03/14 20:56:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2009/12/10 20:52:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SystemRequirementsLab
[2009/01/05 00:19:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TERMINAL Studio
[2008/06/03 03:36:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2008/12/15 02:59:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Turbine
[2009/12/04 17:18:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/03/27 15:05:48 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/03/27 15:03:08 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/27 17:39:44 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B6E1FD6-ED76-419D-ACF3-0809DCEC34F0}.job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 27/03/2010 17:47:41 - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\User\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 16.43 Gb Free Space | 3.53% Space Free | Partition Type: NTFS
Drive D: | 3.35 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1121BC74-BD47-4329-A10B-79007C6B5C7A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{112FB39E-DE23-489B-A629-864A74E0B55D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{1E4EFE9D-EA91-4E26-85B7-C7F7E66FB0AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2E8F77DC-CC7C-4758-AE27-3ED667335197}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36A56892-40E1-47F5-8E00-F23134F992BD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{36E3E07D-8A11-4448-8354-A799D33BD8CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3707FD01-2282-4F1D-B54F-A122A9F3BC40}" = lport=57987 | protocol=6 | dir=in | name=akamai netsession interface |
"{52B7DD79-37B4-4FA6-8D04-BA9545CA0D5F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73719732-1B72-4011-9954-EA20A55982CB}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{74F71E86-5610-47E9-9586-EB81802D77F2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{97904AB9-675C-40D5-AAB5-798377759585}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97C00ACF-8673-4249-B515-80EDD6176068}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D88F22F-EE31-45CF-B42F-45165051ADFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C30E060C-EFF0-435E-8D7B-24AE5E0FC85B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D19FFDD0-0931-425E-83F9-0FA16CC0D7BB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E42BA16D-A6C0-4AAE-90C9-601DDA451F4B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024AE424-2199-447B-833C-64F97CDEC438}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{0567CF8E-A81F-4F4B-915A-F6D981258DAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A835039-8F51-4A97-92FD-9FE06EF48788}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{0B0FC51B-7733-4BEB-A875-7F202667FA3E}" = protocol=17 | dir=in | app=c:\users\user\desktop\wowclient-downloader.exe |
"{1114660D-84B0-4651-A066-2931C81A015D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{16FBFB3C-3831-4BDC-B9CE-568E63E136D2}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{1A4396B2-4529-4EE2-B98E-E43BB57E79C7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{1B9BEC01-D2B3-4749-9757-D7237C0D2600}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D30390E-71AA-40A4-9EAA-B0EE6D541919}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1E420F6C-2070-40F7-97EF-A5F5920BA058}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{21AB7FCE-93A3-44BA-B88B-999DA834C05B}" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe |
"{27B90494-AEFF-477A-92FD-72DE0BFBC10D}" = protocol=17 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"{334E8453-C11C-49AE-8816-208537D86F3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{35193899-8CC7-4054-8405-22D5EF74F281}" = protocol=6 | dir=in | app=c:\program files\codemasters\grid\grid.exe |
"{38D25B2F-930E-4469-B62D-50C160DBD230}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{38E2F60B-0882-4DE8-A377-2FDFD4BE31F3}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{45735B00-D6A6-406A-93F8-B765540FBC2A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{48B0DF66-C52A-478C-83C0-07E8DC9A5D9E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4B752D66-24BB-479D-A4CC-39F2A1141104}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{4B8E4C37-D6E4-410A-836F-86575B3AEC1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51B9B3D4-0652-49DB-BEB2-8A9EDFC87C79}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5715FA14-9F81-47EF-9FC4-946E417F44E0}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
"{58271871-3700-415F-954C-1FED5068D4AC}" = protocol=6 | dir=in | app=c:\program files\a-squared free\a2free.exe |
"{5B3BFDEF-1148-4AB6-A475-D99B500CB610}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{61E31C5C-6E31-478C-AC56-545C3D0B494D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{67EC8262-B740-4B3D-BE4B-F2877B8481BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6A16071F-384D-453D-A477-6FC59937163F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{6CD4BB66-9CAD-4EE6-AF2A-E129F1041C94}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{7088E480-BA55-455F-B7E2-064E94E2951D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7519A03A-0E53-46FF-8118-3C96EB47759A}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{7940B19E-1F1B-45AE-A07D-145467D502B6}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{7A65C99F-9BF3-43E9-8499-F5DF1339B119}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{8524BB3E-AE8C-4C1D-847F-43CD9A1F16D4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89E02C7F-7F57-482F-9086-F7990CDCB539}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{8D5E4C04-1326-4E6B-A0BE-9DC57FC2810E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{9115A615-4A2D-4024-849C-858C5AED6E0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93D9598D-BFAA-4722-8164-2D9A6B9145C3}" = protocol=6 | dir=in | app=c:\users\user\desktop\wowclient-downloader.exe |
"{9722FCF9-5E63-4CB7-9B83-9B42DEF2D0CC}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{995B067F-E067-4BFD-9827-1F2B894F6BE6}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{9EED5883-8FE0-41ED-A968-6243366982BF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EFEC8A2-54BB-4077-BB01-6105751E378F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"UDP Query User{C5F0A869-6506-4A33-B462-2C2FE799547A}C:\program files\coffeecup software\coffee.exe" = protocol=17 | dir=in | app=c:\program files\coffeecup software\coffee.exe |
"UDP Query User{CC7A365D-B484-4C32-AF69-9898CD3B37A8}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{E39D9974-83B0-465B-813D-C1A39D5C0A6B}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{E847BBA0-C513-4261-8E59-A7CA85F5CC62}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=17 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"UDP Query User{EAB5A7B8-8C28-498E-AB56-392D19AC6BB2}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07417369-6446-4AAB-A622-51244186CBCF}" = America's Army Server Manager
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{25EEC359-8639-4528-83F4-A5AC2DAD3B35}" = BiblePro
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2008B2-9C81-4122-BE3F-688B55FA55C5}" = Microsoft Report Viewer Redistributable 2005
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F864F5-1A85-4E69-8764-C7E4EABD8BA0}" = Peak DVB-T Hybrid Utilities
"{4A11948E-8521-43B8-BBBD-5C24B804F0A3}" = Samsung PC Studio 3
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5418F914-1D31-4849-822C-314AC28B06BF}" = BusinessObjects Edge Series 3.1
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5E06C076-E4E7-4239-A886-B3D8AC84C166}" = HP Print Diagnostic Utility
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6088158A-5523-423E-BC38-F12C390EFD7A}_is1" = Windows Automation Macro Recorder 1.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F0AC35-4805-44BC-A3D4-347D4196F9B3}" = Microsoft Xbox 360 Accessories 1.1
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AE9A059-6372-435D-A5FE-0568A3B67F19}" = HyperMediaCenter
"{6D6204C8-6B1D-4FBA-ADA9-CB6DFF9BF80D}" = America's Army Deploy Client
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7373184D-8E8F-4308-912A-3901071FA1AD}" = LightScribe Applications
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83E5FE05-31F4-FA91-BB29-3D987008BA49}" = TweetDeck
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8702416E-5CFD-4D48-9674-F0ED6AAC13BF}" = Serif WebPlus 7.0
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{E1C33B03-3FE9-45BF-91E4-0266F38618C6}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A10F7877-4276-416C-9F22-CB56C0CB2700}" = Medieval - Total War - Gold Edition
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A88A583F-C329-4D7B-AEC4-FF391AA83797}" = Xcelsius 2008
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1B88D34-BC32-4F88-96F4-39CA6B579AC0}" = Global Trading System Pro
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCFACF6D-86EC-4DB6-820B-F4916EB6B1CE}" = Rising Eagle
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C711E88C-9DC2-4254-A989-D6E017844DDF}" = Frontlines: Fuel of War
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D24DDB61-8868-46CF-BC36-BECC1674F0C1}" = Creative ZEN
"{D2A697A7-D95C-43C1-8A8D-647FC7186A15}" = WinEcon 7.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D740DD9E-F1A1-11D7-8756-00036D1A98A9}" = Weather Exchange
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E7394983-3869-46F4-A117-EB148F104D79}" = World Community Grid - BOINC for Windows
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}" = Microsoft WorldWide Telescope
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Akamai" = Akamai NetSession Interface
"a-squared Free_is1" = a-squared Free 4.5
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.50
"FastStone Image Viewer" = FastStone Image Viewer 3.6
"FLV Player" = FLV Player 2.0 (build 25)
"Football Manager 2010" = Football Manager 2010
"ForecastX Wizard (Book Version) V6.0a" = ForecastX Wizard (Book Version) V6.0a
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreshDevices - FreshDiagnose_is1" = FreshDiagnose
"GIMPshop" = GIMPshop 2.2.8
"Glary Utilities_is1" = Glary Utilities 2.6.1
"Google Updater" = Google Updater
"Graph_is1" = Graph 4.3
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HTMLKit_is1" = HTML-Kit
"Huawei Modems" = Huawei modem
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty® - World at War™ 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"IObit Security 360_is1" = IObit Security 360
"IrfanView" = IrfanView (remove only)
"Kivi's Underworld Demo_is1" = Kivi's Underworld Demo 1.002
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire 5.3.6
"LogoSmartz 5.0 Trial" = LogoSmartz 5.0 Trial
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mario Forever" = Mario Forever 4.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14)
"Multi-Edit Lite for SAS 2008 (v11.04.00)" = Multi-Edit Lite for SAS 2008 (v11.04.00)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ObjectDock" = ObjectDock
"OpenAL" = OpenAL
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"PictureGear 4.1Lite" = PictureGear 4.1Lite
"ProcessScanner_is1" = Uniblue ProcessScanner
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Rise And Fall" = Rise And Fall (remove only)
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SecondLife" = SecondLife (remove only)
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Spotify" = Spotify
"ST6UNST #1" = Grau Software CountDown 8.01
"ST6UNST #2" = Karen's Alarm Clock
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
"TIMELEFT3_is1" = TimeLeft
"TridentSoftwareRapid-Pi_is1" = Rapid-Pi 2.01
"TVP3XDrv" = Peak DVB-T Hybrid BDA Driver
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"twkmastr1_is1" = TweakMASTER
"ULTIMATER" = Microsoft Office Ultimate 2007
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
"VirtualCloneDrive" = VirtualCloneDrive
"WebCEO70_is1" = Web CEO 8.0
"WinGimp-2.0_is1" = Gimp 2.6.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb
"Xfire" = Xfire (remove only)
"XobniMain" = Xobni
"XpertVision_is1" = XpertVision 6.1
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by shaamoney, 27 March 2010 - 12:59 PM.


#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:04:56 AM

Posted 27 March 2010 - 04:20 PM

Hi,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 18.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt



Please post back with a fresh OTL logfile.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware
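The Java check above is done by eye against the "HKEY_LOCAL_MACHINE Uninstall List" section of the OTL log. As an added example (not code from the thread, from OTL or from ESET), the script below parses that section in the `"key" = Display Name` layout the log uses and lists every Java Runtime entry older than a reference update level, so a responder can see at once which installs the "remove all older versions of Java" step must cover. The sample log is constructed from a few lines in the page's own format; the reference level (6, 18) is the update the post asks for.

```python
"""Flag outdated Java Runtime entries in the uninstall section of an OTL log."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One uninstall-list line:  "{GUID}" = Display Name   (or  "Name_is1" = Display Name)
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# Display names such as 'Java(TM) 6 Update 13' (as OTL writes it) or
# 'Java™ 6 Update 13' (as the forum renders it); anything else is not a JRE entry.
JAVA_RE = re.compile(
    r'^Java(?:\(TM\)|™)?\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)\s*$',
    re.IGNORECASE,
)

HKLM_HEADER = "HKEY_LOCAL_MACHINE Uninstall List"


@dataclass
class UninstallEntry:
    key: str
    name: str


def parse_uninstall_section(log_text: str) -> List[UninstallEntry]:
    """Return the entries under the HKLM uninstall header.

    The section ends at the next '==========' header (HKCU list, event log errors).
    The '[HKEY_LOCAL_MACHINE\\...]' path line and blank lines are skipped.
    """
    entries: List[UninstallEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            if HKLM_HEADER in line:
                in_section = True
                continue
            if in_section:
                break
        if not in_section:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(UninstallEntry(m.group("key"), m.group("name")))
    return entries


def java_version(display_name: str) -> Optional[Tuple[int, int]]:
    """(major, update) for a JRE display name, or None if it is not one."""
    m = JAVA_RE.match(display_name)
    if m is None:
        return None
    return int(m.group("major")), int(m.group("update"))


def outdated_java(entries: List[UninstallEntry],
                  current: Tuple[int, int] = (6, 18)) -> List[Tuple[str, str, Tuple[int, int]]]:
    """Every JRE entry older than `current`, oldest first, as (key, name, version)."""
    found = []
    for e in entries:
        ver = java_version(e.name)
        if ver is not None and ver < current:
            found.append((e.key, e.name, ver))
    found.sort(key=lambda item: item[2])
    return found


# Constructed sample in the OTL layout shown in the log above (a handful of
# lines, not the full list); the GUIDs are copied from the page's own entries.
SAMPLE_LOG = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

========== HKEY_CURRENT_USER Uninstall List ==========
"Google Chrome" = Google Chrome
"""


if __name__ == "__main__":
    hits = outdated_java(parse_uninstall_section(SAMPLE_LOG))
    print(f"{len(hits)} Java install(s) older than 6 Update 18 must be removed:")
    for key, name, _ in hits:
        print(f"  {name}  ({key})")
```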

#15 shaamoney

shaamoney
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Local time:03:56 AM

Posted 30 March 2010 - 06:14 PM

No problem. I haven't forgotten this, it's just it's taken nearly 4 hours and has been at 99% for some time! I will post the complete logs tomorrow (well, later today) if that's ok.

Thanks!



