Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    World's Largest Spam Botnet Finds a New Way to Avoid Detection... For Now

Featured Deal: Pay What You Want: The 2018 Machine Learning Bundle Deal

Photo

Google redirects, IE blocked, missing program associations, Malware Bytes and various other scanners not working

Started by KyleJS , Jun 30 2010 03:39 PM

  • This topic is locked This topic is locked
14 replies to this topic

#1 KyleJS

KyleJS

  • Members
  • 19 posts
  • OFFLINE
    •  
  • Local time:02:30 AM

Posted 30 June 2010 - 03:39 PM

Google redirects, IE blocked, missing program associations, Malware Bytes and various other scanners not working

Referred from here: http://www.bleepingcomputer.com/forums/t/326343/google-redirects-ie-blocked-missing-program-associations/ ~ OB

Here are my logs.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Kyle at 15:46:11.97 on Wed 06/30/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1858 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Sophos Anti-Virus *disabled* (Outdated) {A8CA403D-C4B1-4BBA-9FA7-B73C144CBC5C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\locator.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Users\Kyle\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [{E76424D3-128B-B9C5-09AB-0721A2F04D1D}] c:\users\kyle\appdata\roaming\vutuaw\gima.exe
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} - file:///D:/win/setup/iaieplay.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///D:/win/setup/iamce.dll
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\tibxncwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\kyle\appdata\local\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\kyle\appdata\roaming\idm\bin\flash\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\users\kyle\appdata\roaming\move networks\plugins\npqmp071504000001.dll
FF - plugin: c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {76A4F2EE-ADB2-4CAD-AB17-268A1D500418} - c:\users\kyle\appdata\local\{76A4F2EE-ADB2-4CAD-AB17-268A1D500418}
FF - HiddenExtension: XULRunner: {A7BBA996-A56C-4EF9-B59B-90CA2E69DC89} - c:\windows\system32\config\systemprofile\appdata\local\{A7BBA996-A56C-4EF9-B59B-90CA2E69DC89}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-24 99344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-24 25104]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-6-23 85312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-14 172032]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-12-9 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-12-9 98304]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-6-26 172032]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2008-9-5 14848]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-10 21504]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2008-7-10 24944]
S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\et5pro\MARKFUN.W32 [2008-7-10 17912]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-6-23 20288]

============== File Associations ===============

regedit=???
regfile=???

=============== Created Last 30 ================

2010-06-30 03:52:07 380928 ----a-w- c:\windows\system32\ac3filter.acm
2010-06-30 03:52:06 0 d-----w- c:\program files\AC3Filter
2010-06-30 00:53:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-30 00:53:08 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-30 00:53:08 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-30 00:53:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-30 00:53:08 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-28 22:12:57 0 d-----w- c:\program files\AutoHotkey
2010-06-28 17:41:00 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-28 03:26:20 0 d-----w- c:\users\kyle\appdata\roaming\QuickScan
2010-06-28 03:11:14 0 d-----w- c:\programdata\Sun
2010-06-28 03:10:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 21:33:25 334 ---ha-w- C:\IPH.PH
2010-06-26 18:20:41 0 d-----w- c:\programdata\McAfee Security Scan
2010-06-26 18:20:41 0 d-----w- c:\programdata\McAfee
2010-06-26 18:20:40 0 d-----w- c:\program files\McAfee Security Scan
2010-06-25 16:31:03 0 d-----w- c:\program files\Titan Network
2010-06-24 23:33:02 0 d-----w- c:\program files\Combined Community Codec Pack
2010-06-23 17:43:38 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-06-23 17:43:25 0 d-----w- c:\program files\common files\Cisco Systems
2010-06-23 17:43:24 23552 ----a-w- c:\windows\system32\SophosBootTasks.exe
2010-06-23 17:43:13 0 d-----w- c:\programdata\Sophos
2010-06-23 17:43:13 0 d-----w- c:\program files\Sophos
2010-06-23 17:42:20 85312 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-06-23 17:42:20 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-06-23 17:42:17 0 d-----w- C:\stdtsa
2010-06-23 17:23:02 0 d-----w- c:\program files\CodeStuff
2010-06-23 16:45:52 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-23 16:33:31 0 d-----w- c:\program files\ESET
2010-06-23 16:07:25 0 ---ha-w- C:\ProgramData.LOG2
2010-06-23 16:07:25 0 ---ha-w- C:\ProgramData.LOG1
2010-06-22 23:19:01 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-22 23:18:56 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-22 17:48:43 139333700 ----a-w- c:\windows\MEMORY.DMP
2010-06-19 22:40:23 0 d-----w- c:\programdata\DivX
2010-06-10 19:34:12 0 d-----w- c:\users\kyle\appdata\roaming\AVS4YOU
2010-06-10 19:30:37 0 d-----w- c:\program files\common files\AVSMedia
2010-06-10 19:30:33 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-06-10 19:30:33 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-06-10 19:30:33 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-06-10 19:30:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-06-10 19:30:32 0 d-----w- c:\programdata\AVS4YOU
2010-06-10 19:30:32 0 d-----w- c:\program files\AVS4YOU
2010-06-10 19:25:56 0 d-----w- c:\users\kyle\appdata\roaming\FLV Extract
2010-06-02 02:46:29 69 ----a-w- c:\windows\NeroDigital.ini
2010-06-02 02:44:57 0 d-----w- c:\programdata\LightScribe
2010-06-02 02:32:37 0 d-----w- c:\programdata\Ahead
2010-06-02 02:29:49 0 d-----w- c:\programdata\Nero
2010-06-02 02:29:49 0 d-----w- c:\program files\Nero
2010-06-02 02:27:22 0 d-----w- c:\program files\MSSOAP
2010-06-02 02:27:22 0 d-----w- c:\program files\common files\MSSoap
2010-06-02 02:26:56 0 d-----w- c:\program files\Webroot
2010-06-02 02:21:34 164 ----a-w- c:\windows\install.dat
2010-06-01 20:08:04 12 ----a-w- c:\users\kyle\appdata\roaming\czyiwa.dat

==================== Find3M ====================

2010-06-30 19:41:20 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-28 03:51:33 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-15 20:57:26 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-15 20:57:26 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-15 20:57:26 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-12 15:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 19:15:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:45:56 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 18:45:56 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-16 14:39:07 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-02 21:17:52 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 21:17:52 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-17 19:48:50 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-07-10 15:44:04 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-21 15:33:15 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-21 15:33:15 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-21 15:33:38 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-03-20 23:13:39 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2010-03-20 23:13:39 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-20 23:13:55 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-16 21:41:27 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 15:47:38.13 ===============

Attached Files

  • Attached File  ark.txt   151.39KB   4 downloads

Edited by Orange Blossom, 30 June 2010 - 09:22 PM.

BC AdBot (Login to Remove)

 

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:30 AM

Posted 04 July 2010 - 02:04 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

information and logs:
    In your next post I need the following
      1.logs from DDS
      2.RKUnHooker
      3.let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 KyleJS

KyleJS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
    •  
  • Local time:02:30 AM

Posted 05 July 2010 - 10:35 AM

Only "problem" is that scr only generates one log, the dds.txt. Here are the requested logs though.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Kyle at 11:30:15.13 on Mon 07/05/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1825 [GMT -4:00]

AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Sophos Anti-Virus *disabled* (Outdated) {A8CA403D-C4B1-4BBA-9FA7-B73C144CBC5C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\locator.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Kyle\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [{E76424D3-128B-B9C5-09AB-0721A2F04D1D}] c:\users\kyle\appdata\roaming\vutuaw\gima.exe
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Kernel and Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NeroFilterCheck] "c:\program files\common files\ahead\lib\NeroCheck.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} - file:///D:/win/setup/iaieplay.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///D:/win/setup/iamce.dll
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\tibxncwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\kyle\appdata\local\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\kyle\appdata\roaming\idm\bin\flash\platform\winnt\plugins\npidmdcp.dll
FF - plugin: c:\users\kyle\appdata\roaming\move networks\plugins\npqmp071504000001.dll
FF - plugin: c:\users\kyle\appdata\roaming\mozilla\firefox\profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {76A4F2EE-ADB2-4CAD-AB17-268A1D500418} - c:\users\kyle\appdata\local\{76A4F2EE-ADB2-4CAD-AB17-268A1D500418}
FF - HiddenExtension: XULRunner: {A7BBA996-A56C-4EF9-B59B-90CA2E69DC89} - c:\windows\system32\config\systemprofile\appdata\local\{A7BBA996-A56C-4EF9-B59B-90CA2E69DC89}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-24 99344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-24 25104]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\drivers\savonaccess.sys [2010-6-23 85312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-14 172032]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2008-12-9 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2008-12-9 98304]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2008-6-26 172032]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2008-9-5 14848]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-10 21504]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2008-7-10 24944]
S3 MarkFun_NT;MarkFun_NT;c:\program files\gigabyte\et5pro\MARKFUN.W32 [2008-7-10 17912]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-6-23 20288]

============== File Associations ===============

regedit=???
regfile=???

=============== Created Last 30 ================

2010-07-05 15:29:24 0 ----a-w- c:\users\kyle\defogger_reenable
2010-07-01 07:40:01 0 d-----w- c:\program files\DominateGame
2010-06-30 03:52:07 380928 ----a-w- c:\windows\system32\ac3filter.acm
2010-06-30 03:52:06 0 d-----w- c:\program files\AC3Filter
2010-06-30 00:53:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-30 00:53:08 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-30 00:53:08 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-30 00:53:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-30 00:53:08 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-28 22:12:57 0 d-----w- c:\program files\AutoHotkey
2010-06-28 17:41:00 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-28 03:26:20 0 d-----w- c:\users\kyle\appdata\roaming\QuickScan
2010-06-28 03:11:14 0 d-----w- c:\programdata\Sun
2010-06-28 03:10:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 21:33:25 334 ---ha-w- C:\IPH.PH
2010-06-26 18:20:41 0 d-----w- c:\programdata\McAfee Security Scan
2010-06-26 18:20:41 0 d-----w- c:\programdata\McAfee
2010-06-26 18:20:40 0 d-----w- c:\program files\McAfee Security Scan
2010-06-25 16:31:03 0 d-----w- c:\program files\Titan Network
2010-06-24 23:33:02 0 d-----w- c:\program files\Combined Community Codec Pack
2010-06-23 17:43:38 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-06-23 17:43:25 0 d-----w- c:\program files\common files\Cisco Systems
2010-06-23 17:43:24 23552 ----a-w- c:\windows\system32\SophosBootTasks.exe
2010-06-23 17:43:13 0 d-----w- c:\programdata\Sophos
2010-06-23 17:43:13 0 d-----w- c:\program files\Sophos
2010-06-23 17:42:20 85312 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-06-23 17:42:20 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-06-23 17:42:17 0 d-----w- C:\stdtsa
2010-06-23 17:23:02 0 d-----w- c:\program files\CodeStuff
2010-06-23 16:45:52 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-23 16:33:31 0 d-----w- c:\program files\ESET
2010-06-23 16:07:25 0 ---ha-w- C:\ProgramData.LOG2
2010-06-23 16:07:25 0 ---ha-w- C:\ProgramData.LOG1
2010-06-22 23:19:01 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-22 23:18:56 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-22 17:48:43 139333700 ----a-w- c:\windows\MEMORY.DMP
2010-06-19 22:40:23 0 d-----w- c:\programdata\DivX
2010-06-10 19:34:12 0 d-----w- c:\users\kyle\appdata\roaming\AVS4YOU
2010-06-10 19:30:37 0 d-----w- c:\program files\common files\AVSMedia
2010-06-10 19:30:33 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-06-10 19:30:33 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-06-10 19:30:33 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-06-10 19:30:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-06-10 19:30:32 0 d-----w- c:\programdata\AVS4YOU
2010-06-10 19:30:32 0 d-----w- c:\program files\AVS4YOU
2010-06-10 19:25:56 0 d-----w- c:\users\kyle\appdata\roaming\FLV Extract

==================== Find3M ====================

2010-07-05 15:26:46 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-06-28 03:51:33 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-01 20:08:04 12 ----a-w- c:\users\kyle\appdata\roaming\czyiwa.dat
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-15 20:57:26 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-15 20:57:26 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-15 20:57:26 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-12 15:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 19:15:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 18:45:56 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 18:45:56 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43:35 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-16 14:39:07 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-11-17 19:48:50 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-07-10 15:44:04 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-21 15:33:15 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-21 15:33:15 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-21 15:33:38 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-03-20 23:13:39 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2010-03-20 23:13:39 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-20 23:13:55 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-10-16 21:41:27 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 11:31:48.52 ===============








***************************************************************************************************************





RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x9D00E000 C:\Windows\system32\DRIVERS\lvuvc.sys 6361088 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x93608000 C:\Windows\system32\DRIVERS\atikmdag.sys 5406720 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82808000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82808000 PnpManager 3903488 bytes
0x82808000 RAW 3903488 bytes
0x82808000 WMIxWDM 3903488 bytes
0x9E470000 Win32k 2109440 bytes
0x9E470000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x83A0F000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82E01000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x83800000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80468000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA3256000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9D631000 C:\Windows\system32\DRIVERS\lvrs.sys 761856 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)
0x9E810000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x93B30000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x93C00000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80548000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x80777000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9E8C0000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83905000 C:\Windows\system32\DRIVERS\timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0x83B58000 C:\Windows\system32\DRIVERS\tdrpman.sys 364544 bytes (Acronis, Acronis Try&Decide and Restore Points Volume Filter Driver)
0xA3201000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x806A0000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x94454000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80604000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80427000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x93DBE000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x94146000 C:\Windows\system32\drivers\HdAudio.sys 258048 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0x93CDD000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x94565000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82F37000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9E96D000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x83B1F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x94505000 C:\Windows\System32\drivers\truecrypt.sys 229376 bytes (TrueCrypt Foundation, TrueCrypt Driver)
0x94074000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82BC1000 ACPI_HAL 208896 bytes
0x82BC1000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xA3366000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x80735000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9449C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x93D8F000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x940E9000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82F0C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x93C8D000 C:\Windows\system32\DRIVERS\Rtlh86.sys 176128 bytes (Realtek , Realtek 8136/8168/8169 NDIS6 32-bit Driver )
0x94033000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x83970000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x8065B000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x9E9BE000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9400B000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x9D726000 C:\Windows\system32\DRIVERS\Dot4.sys 151552 bytes (Microsoft Corporation, IEEE-1284.4-1999 Driver)
0x94116000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x82F8D000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9453D000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x83997000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9E92D000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x805DC000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9E94E000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x83BBB000 C:\Windows\system32\DRIVERS\snapman.sys 126976 bytes (Acronis, Acronis Snapshot API)
0x80717000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x941A0000 C:\Windows\System32\DRIVERS\cmdguard.sys 118784 bytes (COMODO, COMODO Internet Security Sandbox Driver)
0x9D7AD000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x838EA000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9D754000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x94185000 C:\Windows\system32\DRIVERS\savonaccess.sys 110592 bytes (Sophos Plc, SAV On-Access and HIPS for Windows Vista (x86))
0x940CF000 C:\Windows\system32\drivers\AtiHdmi.sys 106496 bytes (ATI Research Inc., Ati High Definition Audio Function Driver)
0x93D53000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x9D7CA000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x93CB8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9E9A6000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x93D77000 C:\Windows\system32\DRIVERS\parport.sys 98304 bytes (Microsoft Corporation, Parallel Port Driver)
0x945B0000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x93BE8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x945E7000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA3399000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x944CE000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x94421000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9D7E3000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x82FD3000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x82FBF000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x94440000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x9D79A000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x944F2000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9D61F000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)
0x83BEA000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x940B3000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8040E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82F72000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x80767000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x839C1000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9D78A000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x806FF000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x93D2A000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x82FE8000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x9D6EB000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x83BDA000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80682000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x82FB0000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x93D1B000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80691000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x93D3A000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9E6B0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x944E4000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9440A000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x806F1000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x945C7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9D719000 C:\Windows\system32\DRIVERS\dot4usb.sys 53248 bytes (Microsoft Corporation, DOT4USB filter driver)
0x94067000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x805C4000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA333E000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA3355000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x941D4000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x93BD1000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x945D4000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x93D48000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x807E8000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x807F3000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x94000000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x82F82000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9D704000 C:\Windows\system32\drivers\SiLib.sys 45056 bytes (Silicon Laboratories, SiLib WDM Support Driver)
0x93BDD000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xA334A000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x839E1000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x805D1000 C:\Windows\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0x9E806000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x940A9000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x9405D000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x945A1000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA3334000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x93D6D000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9D6FA000 C:\Windows\system32\drivers\SiUSBXp.sys 40960 bytes (Silicon Laboratories, SiUSBXp.sys)
0x9D76F000 C:\Windows\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0x93CD3000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x9D70F000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0x9D781000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x94437000 C:\Windows\System32\DRIVERS\cmdhlp.sys 36864 bytes (COMODO, COMODO Internet Security Helper Driver)
0x839B8000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9D74B000 C:\Windows\system32\DRIVERS\Dot4Prt.sys 36864 bytes (Microsoft Corporation, IEEE-1284.4 Print Class Driver)
0x941BD000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x94400000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x940C4000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x839D1000 C:\Windows\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xA33AF000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x94418000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9E690000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x839EC000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x839F5000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8064A000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8070F000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x83A00000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (ATI Technologies Inc., ATI PCIE Driver for ATI PCIE chipset)
0x8041F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x945DF000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x93600000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x941F7000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x80653000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x941E0000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x941E8000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x83BB1000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x941CD000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x941F0000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80407000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x9413B000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 28672 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x941C6000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0xA324F000 C:\Windows\system32\DRIVERS\parvdm.sys 28672 bytes (Microsoft Corporation, VDM Parallel Driver)
0x806EA000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9455F000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x945AB000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xA3361000 C:\Windows\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0x93CD0000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0x83BB9000 C:\Windows\system32\speedfan.sys 8192 bytes (Windows ® 2000 DDK provider, SpeedFan Device Driver)
0x94031000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x945FE000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x83BE9000 C:\Windows\system32\giveio.sys 4096 bytes
==============================================
>Stealth
==============================================
0x01010000 Hidden Image-->CLI.Foundation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 102400 bytes
0x07890000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 102400 bytes
0x07A50000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 102400 bytes
0x04E40000 Hidden Image-->CLI.Caste.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 110592 bytes
0x00AE0000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x8735AD90 ] PID: 2780, 118784 bytes
0x03E00000 Hidden Image-->MOM.Implementation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 118784 bytes
0x08450000 Hidden Image-->CLI.Component.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 1224704 bytes
0x081F0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 1740800 bytes
0x07600000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 208896 bytes
0x07920000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 217088 bytes
0x07640000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 282624 bytes
0x01C50000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x8735AD90 ] PID: 2780, 28672 bytes
0x01CC0000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x8735AD90 ] PID: 2780, 28672 bytes
0x02B30000 Hidden Image-->NetLib.dll [ EPROCESS 0x885597D8 ] PID: 3576, 28672 bytes
0x02BD0000 Hidden Image-->SpeedfanReader.dll [ EPROCESS 0x885597D8 ] PID: 3576, 28672 bytes
0x00C50000 Hidden Image-->LOG.Foundation.Implementation.Private.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x00C40000 Hidden Image-->MOM.Foundation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x04160000 Hidden Image-->CLI.Component.Runtime.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x041D0000 Hidden Image-->AEM.Server.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x04940000 Hidden Image-->AEM.Plugin.DPPE.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x04970000 Hidden Image-->AEM.Plugin.WinMessages.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x04960000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x049B0000 Hidden Image-->DEM.Foundation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x049C0000 Hidden Image-->DEM.Graphics.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x04E30000 Hidden Image-->AEM.Actions.CCAA.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x04E10000 Hidden Image-->CLI.Caste.HydraVision.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x04EA0000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x05100000 Hidden Image-->ResourceManagement.Foundation.Private.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x05110000 Hidden Image-->AEM.Plugin.GD.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x057A0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x05910000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x05FD0000 Hidden Image-->DEM.Graphics.I0706.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x05BA0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x05B90000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x05FC0000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x060E0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x060A0000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x060F0000 Hidden Image-->DEM.Graphics.I0703.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x06900000 Hidden Image-->APM.Foundation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x06A60000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x06D40000 Hidden Image-->AEM.Plugin.REG.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x06D50000 Hidden Image-->AEM.Plugin.EEU.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x06E10000 Hidden Image-->Branding.dll [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x074D0000 Hidden Image-->CLI.Component.Wizard.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x074C0000 Hidden Image-->CLI.Component.Client.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x074F0000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x075A0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x075E0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x07CA0000 Hidden Image-->atixclib.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x07CC0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x08030000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 28672 bytes
0x07B00000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 339968 bytes
0x05720000 Hidden Image-->CLI.Caste.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 348160 bytes
0x01D70000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x8735AD90 ] PID: 2780, 36864 bytes
0x03E50000 Hidden Image-->CLI.Foundation.XManifest.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 36864 bytes
0x041C0000 Hidden Image-->NEWAEM.Foundation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 36864 bytes
0x04DF0000 Hidden Image-->CLI.Caste.HydraVision.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 36864 bytes
0x05B30000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 36864 bytes
0x05BE0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 36864 bytes
0x05BC0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 36864 bytes
0x05D30000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 36864 bytes
0x074E0000 Hidden Image-->CLI.Component.Wizard.Shared.Private.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 36864 bytes
0x07590000 Hidden Image-->CLI.Component.Dashboard.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 36864 bytes
0x07B60000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 372736 bytes
0x07A70000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 405504 bytes
0x07250000 Hidden Image-->CLI.Component.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 413696 bytes
0x078B0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 421888 bytes
0x00B10000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x8735AD90 ] PID: 2780, 45056 bytes
0x01C20000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x8735AD90 ] PID: 2780, 45056 bytes
0x01D60000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x8735AD90 ] PID: 2780, 45056 bytes
0x00C30000 Hidden Image-->LOG.Foundation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 45056 bytes
0x00C10000 Hidden Image-->CCC.Implementation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 45056 bytes
0x01150000 Hidden Image-->LOG.Foundation.Private.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 45056 bytes
0x04180000 Hidden Image-->ATICCCom.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 45056 bytes
0x05BD0000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 45056 bytes
0x05D10000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 45056 bytes
0x05FE0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 45056 bytes
0x06070000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 45056 bytes
0x07500000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 503808 bytes
0x03E60000 Hidden Image-->CLI.Component.Runtime.Shared.Private.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x04090000 Hidden Image-->CLI.Foundation.Private.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x041B0000 Hidden Image-->AEM.Server.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x041F0000 Hidden Image-->AEM.Plugin.Source.Kit.Server.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x049A0000 Hidden Image-->DEM.Graphics.I0601.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x05B20000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x05BB0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x05BF0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x06C80000 Hidden Image-->CLI.Component.Client.Shared.Private.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x07130000 Hidden Image-->CLI.Caste.Graphics.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x075F0000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x07C80000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 53248 bytes
0x06CB0000 Hidden Image-->CLI.Component.Systemtray.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 561152 bytes
0x08AF0000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 585728 bytes
0x05C00000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 61440 bytes
0x05D60000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 61440 bytes
0x06030000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 61440 bytes
0x06060000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 61440 bytes
0x087A0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 643072 bytes
0x08D20000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 651264 bytes
0x06D60000 Hidden Image-->ResourceManagement.Foundation.Implementation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 659456 bytes
0x03E30000 Hidden Image-->CLI.Component.SkinFactory.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 69632 bytes
0x04070000 Hidden Image-->CLI.Component.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 69632 bytes
0x04190000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x87D71D28 ] PID: 4780, 69632 bytes
0x05D40000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 69632 bytes
0x05FA0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 69632 bytes
0x06010000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 69632 bytes
0x068E0000 Hidden Image-->APM.Server.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 69632 bytes
0x083A0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Wizard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 700416 bytes
0x08A30000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 757760 bytes
0x01C30000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x8735AD90 ] PID: 2780, 77824 bytes
0x01130000 Hidden Image-->LOG.Foundation.Implementation.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 77824 bytes
0x058F0000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 77824 bytes
0x05B70000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 77824 bytes
0x08C50000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 790528 bytes
0x05B40000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 86016 bytes
0x05E70000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 86016 bytes
0x075B0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 86016 bytes
0x06040000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 94208 bytes
0x07960000 Hidden Image-->CLI.Aspect.DisplaysManager2.Graphics.Dashboard.DLL [ EPROCESS 0x87D71D28 ] PID: 4780, 962560 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:30 AM

Posted 05 July 2010 - 01:35 PM

Hello

Please do The following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 KyleJS

KyleJS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
    •  
  • Local time:02:30 AM

Posted 05 July 2010 - 04:38 PM

Heres the log

ComboFix 10-07-04.04 - Kyle 07/05/2010 17:17:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1862 [GMT -4:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Sophos Anti-Virus *disabled* (Outdated) {A8CA403D-C4B1-4BBA-9FA7-B73C144CBC5C}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Family\AppData\Local\1221391196.dll
c:\users\Kyle\AppData\Local\{76A4F2EE-ADB2-4CAD-AB17-268A1D500418}
c:\users\Kyle\AppData\Local\{76A4F2EE-ADB2-4CAD-AB17-268A1D500418}\chrome.manifest
c:\users\Kyle\AppData\Local\{76A4F2EE-ADB2-4CAD-AB17-268A1D500418}\chrome\content\_cfg.js
c:\users\Kyle\AppData\Local\{76A4F2EE-ADB2-4CAD-AB17-268A1D500418}\chrome\content\overlay.xul
c:\users\Kyle\AppData\Local\{76A4F2EE-ADB2-4CAD-AB17-268A1D500418}\install.rdf
c:\users\Kyle\AppData\Local\Windows Server
c:\users\Kyle\AppData\Local\Windows Server\flags.ini
c:\users\Kyle\AppData\Local\Windows Server\uses32.dat
c:\users\Kyle\AppData\Roaming\Vutuaw\gima.exe
c:\users\Kyle\AutoHotkey104805_Install.exe
c:\users\Kyle\vlc-1.0.1-win32.exe
c:\windows\system32\%appdata%
c:\windows\system32\autoexec.bat
c:\windows\system32\Drivers\pjci.sys
c:\windows\system32\spool\prtprocs\w32x86\1i9q1w.dll
c:\windows\system32\spool\prtprocs\w32x86\317m317c.dll
c:\windows\system32\spool\prtprocs\w32x86\3kU9mYWS.dll
c:\windows\system32\spool\prtprocs\w32x86\55555.dll
c:\windows\system32\spool\prtprocs\w32x86\5uOCE.dll
c:\windows\system32\spool\prtprocs\w32x86\79q1wSK.dll
c:\windows\system32\spool\prtprocs\w32x86\931793o79.dll
c:\windows\system32\spool\prtprocs\w32x86\9cE79317u.dll
c:\windows\system32\spool\prtprocs\w32x86\A9k1793.dll
c:\windows\system32\spool\prtprocs\w32x86\CE9a1k.dll
c:\windows\system32\spool\prtprocs\w32x86\e5aA5.dll
c:\windows\system32\spool\prtprocs\w32x86\EI5q5.dll
c:\windows\system32\spool\prtprocs\w32x86\G3iQGM179.dll
c:\windows\system32\spool\prtprocs\w32x86\GMY7c3s79.dll
c:\windows\system32\spool\prtprocs\w32x86\KUO93mYW.dll
c:\windows\system32\spool\prtprocs\w32x86\M3gMY3c7s.dll
c:\windows\system32\spool\prtprocs\w32x86\M5g5i.dll
c:\windows\system32\spool\prtprocs\w32x86\o93m7g3.dll
c:\windows\system32\spool\prtprocs\w32x86\sKU55.dll
c:\windows\system32\spool\prtprocs\w32x86\YW9u1m.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 21:26 . 2010-07-05 21:26 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-07-05 21:26 . 2010-07-05 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-05 16:48 . 2010-07-05 16:48 -------- d-----w- c:\program files\Convert AVI to MP4
2010-07-01 07:40 . 2010-07-01 07:42 -------- d-----w- c:\program files\DominateGame
2010-06-30 03:52 . 2010-06-30 03:52 -------- d-----w- c:\program files\AC3Filter
2010-06-30 00:53 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-30 00:53 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-30 00:53 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-30 00:53 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-30 00:53 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-28 22:12 . 2010-06-28 22:12 -------- d-----w- c:\program files\AutoHotkey
2010-06-28 17:41 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-28 03:26 . 2010-06-28 03:33 -------- d-----w- c:\users\Kyle\AppData\Roaming\QuickScan
2010-06-28 03:10 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 18:20 . 2010-06-26 18:20 -------- d-----w- c:\programdata\McAfee Security Scan
2010-06-26 18:20 . 2010-06-26 18:20 -------- d-----w- c:\programdata\McAfee
2010-06-26 18:20 . 2010-06-28 18:43 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-26 01:03 . 2010-06-27 17:33 120 ----a-w- c:\users\Kyle\AppData\Local\Wtalijo.dat
2010-06-26 01:03 . 2010-06-27 04:44 0 ----a-w- c:\users\Kyle\AppData\Local\Fzasofuyi.bin
2010-06-25 16:31 . 2010-06-25 16:31 -------- d-----w- c:\program files\Titan Network
2010-06-24 23:33 . 2010-06-24 23:33 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-06-24 17:25 . 2010-06-25 15:32 -------- d-----w- c:\users\Kyle\AppData\Local\Adobe
2010-06-23 17:46 . 2010-06-23 17:46 -------- d-----w- c:\users\Kyle\AppData\Local\Sophos
2010-06-23 17:43 . 2008-12-10 13:21 130088 ----a-w- c:\windows\system32\sdccoinstaller.dll
2010-06-23 17:43 . 2010-06-23 17:43 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-06-23 17:43 . 2008-12-09 21:10 23552 ----a-w- c:\windows\system32\SophosBootTasks.exe
2010-06-23 17:43 . 2010-06-23 17:43 -------- d-----w- c:\programdata\Sophos
2010-06-23 17:43 . 2010-06-23 17:43 -------- d-----w- c:\program files\Sophos
2010-06-23 17:42 . 2008-07-18 15:50 85312 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-06-23 17:42 . 2008-05-23 12:39 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-06-23 17:42 . 2010-06-23 17:42 -------- d-----w- C:\stdtsa
2010-06-23 17:23 . 2010-06-23 17:23 -------- d-----w- c:\program files\CodeStuff
2010-06-23 16:45 . 2010-06-23 16:45 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-23 16:33 . 2010-06-23 16:33 -------- d-----w- c:\program files\ESET
2010-06-22 23:19 . 2010-06-22 23:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-22 23:18 . 2010-06-22 23:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 22:40 . 2010-06-19 22:57 -------- d-----w- c:\programdata\DivX
2010-06-16 20:09 . 2010-06-16 20:09 -------- d-----w- c:\program files\Adobe Media Player
2010-06-10 19:34 . 2010-06-10 19:34 -------- d-----w- c:\users\Kyle\AppData\Roaming\AVS4YOU
2010-06-10 19:30 . 2010-06-23 15:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-10 19:30 . 2008-08-13 15:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-06-10 19:30 . 2008-08-13 15:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-06-10 19:30 . 2008-08-13 15:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-06-10 19:30 . 2010-06-23 15:00 -------- d-----w- c:\program files\AVS4YOU
2010-06-10 19:30 . 2010-06-10 19:34 -------- d-----w- c:\programdata\AVS4YOU
2010-06-10 19:30 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-06-10 19:25 . 2010-06-10 19:25 -------- d-----w- c:\users\Kyle\AppData\Roaming\FLV Extract

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 21:27 . 2009-08-17 00:27 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-05 19:05 . 2009-01-04 03:49 -------- d-----w- c:\users\Kyle\AppData\Roaming\uTorrent
2010-07-05 17:15 . 2010-06-02 02:32 -------- d-----w- c:\users\Kyle\AppData\Roaming\Ahead
2010-07-05 03:41 . 2009-07-29 01:50 -------- d-----w- c:\users\Kyle\AppData\Roaming\vlc
2010-07-01 07:27 . 2009-08-12 17:00 -------- d-----w- c:\program files\PokerStars
2010-06-30 00:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-30 00:55 . 2009-12-01 00:05 -------- d-----w- c:\programdata\Microsoft Help
2010-06-28 22:18 . 2008-07-09 02:39 2032 ----a-w- c:\users\Kyle\AppData\Local\d3d9caps.dat
2010-06-28 03:59 . 2010-03-18 23:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 03:51 . 2009-08-19 17:19 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-28 03:11 . 2008-08-07 23:33 -------- d-----w- c:\program files\Common Files\Java
2010-06-28 03:10 . 2008-08-07 23:35 -------- d-----w- c:\program files\Java
2010-06-28 02:59 . 2009-07-30 06:45 -------- d-----w- c:\users\Kyle\AppData\Roaming\Skype
2010-06-28 02:48 . 2009-07-30 06:47 -------- d-----w- c:\users\Kyle\AppData\Roaming\skypePM
2010-06-24 19:33 . 2008-07-31 14:46 -------- d-----w- c:\program files\City of Heroes
2010-06-23 22:54 . 2009-11-14 17:40 -------- d-----w- c:\program files\XIM 360
2010-06-23 16:45 . 2010-04-04 03:05 -------- d-----w- c:\programdata\Lavasoft
2010-06-23 16:45 . 2010-04-04 03:05 -------- d-----w- c:\program files\Lavasoft
2010-06-23 16:04 . 2010-04-01 05:34 -------- d-----w- c:\program files\GRETECH
2010-06-22 23:19 . 2010-06-22 23:19 63488 ----a-w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-22 23:19 . 2010-06-22 23:19 52224 ----a-w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-22 23:19 . 2010-06-22 23:19 117760 ----a-w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-22 21:51 . 2010-02-12 17:22 -------- d-----w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com
2010-06-21 16:41 . 2008-09-02 10:46 -------- d-----w- c:\users\Kyle\AppData\Roaming\Ceerk
2010-06-16 20:11 . 2010-01-24 17:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-10 23:57 . 2010-04-17 01:17 -------- d-----w- c:\program files\Steam
2010-06-09 23:53 . 2009-05-14 21:50 1 ----a-w- c:\users\Kyle\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4671\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4671\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4671\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4671\AcrobatUpdater.exe
2010-06-05 00:32 . 2010-04-03 19:51 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-06-04 19:30 . 2010-04-03 20:17 -------- d-----w- c:\programdata\Alwil Software
2010-06-04 00:30 . 2009-04-21 01:46 -------- d-----w- c:\users\Kyle\AppData\Roaming\NBC Direct
2010-06-02 03:20 . 2010-06-02 03:20 15086 ----a-r- c:\users\Kyle\AppData\Roaming\Microsoft\Installer\{D761BBA0-FBDD-4E81-96E1-43B957D91BD8}\ARPPRODUCTICON.exe
2010-06-02 03:18 . 2010-06-02 03:18 15086 ----a-r- c:\users\Kyle\AppData\Roaming\Microsoft\Installer\{84B01A13-F78F-4281-9224-C96FB3530A2C}\ARPPRODUCTICON.exe
2010-06-02 02:44 . 2010-06-02 02:44 -------- d-----w- c:\programdata\LightScribe
2010-06-02 02:33 . 2010-06-02 02:33 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-02 02:32 . 2010-06-02 02:32 -------- d-----w- c:\programdata\Ahead
2010-06-02 02:32 . 2010-06-02 02:29 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-02 02:29 . 2010-06-02 02:29 -------- d-----w- c:\programdata\Nero
2010-06-02 02:29 . 2010-06-02 02:29 -------- d-----w- c:\program files\Nero
2010-06-02 02:27 . 2010-06-02 02:27 -------- d-----w- c:\program files\MSSOAP
2010-06-02 02:26 . 2010-06-02 02:26 -------- d-----w- c:\program files\Webroot
2010-06-02 02:21 . 2010-06-02 02:21 164 ----a-w- c:\windows\install.dat
2010-06-01 20:08 . 2010-06-01 20:08 12 ----a-w- c:\users\Kyle\AppData\Roaming\czyiwa.dat
2010-05-31 20:34 . 2010-06-28 03:26 702120 ----a-w- c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-31 20:34 . 2010-06-28 03:26 868456 ----a-w- c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-27 22:08 . 2010-05-15 20:59 -------- d-----w- c:\programdata\Ulead Systems
2010-05-27 22:08 . 2008-07-09 05:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 17:06 . 2010-06-28 17:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-28 17:40 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 19:48 . 2010-05-23 19:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-05-23 19:01 . 2008-07-12 16:43 -------- d-----w- c:\program files\World of Warcraft
2010-05-23 01:19 . 2010-05-23 01:19 -------- d-----w- c:\programdata\Blizzard
2010-05-15 21:18 . 2010-05-15 21:03 -------- d-----w- c:\users\Kyle\AppData\Roaming\Ulead Systems
2010-05-15 21:02 . 2008-07-09 02:40 76592 ----a-w- c:\users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-15 21:00 . 2010-05-15 21:00 -------- d-----w- c:\programdata\InstallShield
2010-05-15 21:00 . 2010-05-15 21:00 -------- d-----w- c:\program files\Windows Media Components
2010-05-15 20:59 . 2008-07-09 05:14 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 00:18 . 2008-09-14 13:51 -------- d-----w- c:\program files\uTorrent
2010-05-12 15:21 . 2009-10-02 21:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 19:15 . 2010-06-28 17:40 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-28 17:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-28 17:40 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-03-18 23:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-18 23:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:45 . 2010-04-27 18:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 18:45 . 2010-04-27 18:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-23 14:13 . 2010-06-28 17:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-28 17:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-16 16:43 . 2010-06-28 17:40 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-28 17:40 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-28 17:40 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-28 17:40 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-16 14:39 . 2010-06-28 17:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-05-06 16:42 . 2009-01-12 02:57 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-6-21 245760]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-17 805392]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-11-07 19:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
2007-07-26 19:05 20480 ----a-w- c:\program files\Gigabyte\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 18:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:0e,ab,91,e2,ce,21,ca,01

R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2009-12-11 24944]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5Pro\markfun.w32 [2007-08-21 17912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-05-23 20288]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-12-24 99344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-24 25104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2008-07-18 85312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 172032]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-03 1352832]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-12-09 69632]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2008-12-09 98304]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-24 431384]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2008-09-05 14848]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 21:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2050662660-2346740637-1860091718-1002Core.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-29 00:16]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2050662660-2346740637-1860091718-1002UA.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-29 00:16]

2010-07-05 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-01-08 16:21]

2010-06-14 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-29 13:22]

2010-07-05 c:\windows\Tasks\User_Feed_Synchronization-{EFCDE385-03A3-459E-AB6C-0BB40F9FD392}.job
- c:\windows\system32\msfeedssync.exe [2008-07-10 07:33]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///D:/win/setup/iamce.dll
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\NBC Direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Kyle\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\Kyle\AppData\Roaming\IDM\bin\flash\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\users\Kyle\AppData\Roaming\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {A7BBA996-A56C-4EF9-B59B-90CA2E69DC89} - c:\windows\system32\config\systemprofile\AppData\Local\{A7BBA996-A56C-4EF9-B59B-90CA2E69DC89}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-{E76424D3-128B-B9C5-09AB-0721A2F04D1D} - c:\users\Kyle\AppData\Roaming\Vutuaw\gima.exe
SafeBoot-klmdb.sys
AddRemove-XIM360&10C4&EA61 - c:\windows\system32\Silabs\DriverUninstaller.exe USBXpress\XIM360&10C4&EA61



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 17:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5Pro\markfun.w32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2050662660-2346740637-1860091718-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,15,cc,cb,69,f4,1a,15,0f,1c,df,7c,ef,e1,f5,3f,df,04,15,6c,1e,53,d0,
23,f3,ab,68,26,32,e6,60,d2,6e,df,53,b8,30,51,75,dd,01,83,11,ff,d4,b1,cf,c9,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-2050662660-2346740637-1860091718-1000\Software\SecuROM\License information*]
"datasecu"=hex:16,cf,06,45,ff,5f,73,48,b6,55,23,5b,f3,2d,97,4d,e4,7f,41,85,52,
0e,53,7c,74,d0,97,b9,c2,97,ca,d1,bf,43,63,7f,e6,53,06,54,5d,06,55,d2,c7,b5,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(2312)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\locator.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\System32\StkASv2K.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-07-05 17:35:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-05 21:35

Pre-Run: 70,673,313,792 bytes free
Post-Run: 71,515,291,648 bytes free

- - End Of File - - CEC9DE057E0615F152A04B9D5B7BF18C


Seems to have fixed multiple problems that I suspected were virus related but wasnt sure. For example I couldnt re-activate the volume control icon and network control icon in the task bar (the boxes were grayed out) and now I can. Also Alt+Tabbing wouldnt show the boxes in the fancy vista mode but it would look like an ugly vista basic mode.

Ran scans with a moderator before this that seemed to take care of almost everything, and prior to making this post I would only get redirected in google searches like 1 out of 30 or so, so even though everything appears perfect it might take a while to truely tell.

Edit: YEa just got first redirect- again its really random and barely happens

Edited by KyleJS, 05 July 2010 - 04:43 PM.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:30 AM

Posted 05 July 2010 - 04:55 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
File::
c:\users\Kyle\AppData\Local\Wtalijo.dat
c:\users\Kyle\AppData\Local\Fzasofuyi.bin

FireFox::
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\
FF - HiddenExtension: XULRunner: {A7BBA996-A56C-4EF9-B59B-90CA2E69DC89} - c:\windows\system32\config\systemprofile\AppData\Local\{A7BBA996-A56C-4EF9-B59B-90CA2E69DC89}


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 KyleJS

KyleJS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
    •  
  • Local time:02:30 AM

Posted 05 July 2010 - 06:09 PM

ComboFix 10-07-04.04 - Kyle 07/05/2010 18:56:36.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1855 [GMT -4:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
Command switches used :: c:\users\Kyle\Desktop\CFScript.txt
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Sophos Anti-Virus *disabled* (Outdated) {A8CA403D-C4B1-4BBA-9FA7-B73C144CBC5C}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

FILE ::
"c:\users\Kyle\AppData\Local\Fzasofuyi.bin"
"c:\users\Kyle\AppData\Local\Wtalijo.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Kyle\AppData\Local\Fzasofuyi.bin
c:\users\Kyle\AppData\Local\Wtalijo.dat
c:\windows\system32\config\systemprofile\AppData\Local\{A7BBA996-A56C-4EF9-B59B-90CA2E69DC89}
c:\windows\system32\config\systemprofile\AppData\Local\{A7BBA996-A56C-4EF9-B59B-90CA2E69DC89}\chrome.manifest
c:\windows\system32\config\systemprofile\AppData\Local\{A7BBA996-A56C-4EF9-B59B-90CA2E69DC89}\chrome\content\_cfg.js
c:\windows\system32\config\systemprofile\AppData\Local\{A7BBA996-A56C-4EF9-B59B-90CA2E69DC89}\chrome\content\overlay.xul
c:\windows\system32\config\systemprofile\AppData\Local\{A7BBA996-A56C-4EF9-B59B-90CA2E69DC89}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 23:03 . 2010-07-05 23:03 -------- d-----w- c:\users\Kyle\AppData\Local\temp
2010-07-05 23:03 . 2010-07-05 23:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-05 23:03 . 2010-07-05 23:03 -------- d-----w- c:\users\Family\AppData\Local\temp
2010-07-05 23:03 . 2010-07-05 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-05 16:48 . 2010-07-05 16:48 -------- d-----w- c:\program files\Convert AVI to MP4
2010-07-01 07:40 . 2010-07-01 07:42 -------- d-----w- c:\program files\DominateGame
2010-06-30 03:52 . 2010-06-30 03:52 -------- d-----w- c:\program files\AC3Filter
2010-06-30 00:53 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-30 00:53 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-30 00:53 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-30 00:53 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-30 00:53 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-28 22:12 . 2010-06-28 22:12 -------- d-----w- c:\program files\AutoHotkey
2010-06-28 17:41 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-28 03:26 . 2010-06-28 03:33 -------- d-----w- c:\users\Kyle\AppData\Roaming\QuickScan
2010-06-28 03:26 . 2010-05-31 20:34 702120 ----a-w- c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-06-28 03:26 . 2010-05-31 20:34 868456 ----a-w- c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-06-28 03:10 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 18:20 . 2010-06-26 18:20 -------- d-----w- c:\programdata\McAfee Security Scan
2010-06-26 18:20 . 2010-06-26 18:20 -------- d-----w- c:\programdata\McAfee
2010-06-26 18:20 . 2010-06-28 18:43 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-25 16:31 . 2010-06-25 16:31 -------- d-----w- c:\program files\Titan Network
2010-06-24 23:33 . 2010-06-24 23:33 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-06-24 17:25 . 2010-06-25 15:32 -------- d-----w- c:\users\Kyle\AppData\Local\Adobe
2010-06-23 17:46 . 2010-06-23 17:46 -------- d-----w- c:\users\Kyle\AppData\Local\Sophos
2010-06-23 17:43 . 2009-10-14 18:26 1809520 ----a-w- c:\programdata\Sophos\AutoUpdate\Cache\savxp\veex.dll
2010-06-23 17:42 . 2008-07-18 15:50 85312 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2010-06-23 17:42 . 2008-05-23 12:39 20288 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2010-06-23 17:42 . 2010-06-23 17:42 -------- d-----w- C:\stdtsa
2010-06-23 17:23 . 2010-06-23 17:23 -------- d-----w- c:\program files\CodeStuff
2010-06-23 16:45 . 2010-06-23 16:45 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-23 16:45 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-23 16:33 . 2010-06-23 16:33 -------- d-----w- c:\program files\ESET
2010-06-22 23:19 . 2010-06-22 23:19 63488 ----a-w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-22 23:19 . 2010-06-22 23:19 52224 ----a-w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-22 23:19 . 2010-06-22 23:19 117760 ----a-w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-22 23:19 . 2010-06-22 23:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-22 23:18 . 2010-06-22 23:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 22:40 . 2010-06-19 22:57 -------- d-----w- c:\programdata\DivX
2010-06-16 20:09 . 2010-06-16 20:09 -------- d-----w- c:\program files\Adobe Media Player
2010-06-10 19:34 . 2010-06-10 19:34 -------- d-----w- c:\users\Kyle\AppData\Roaming\AVS4YOU
2010-06-10 19:30 . 2010-06-23 15:00 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-10 19:30 . 2008-08-13 15:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-06-10 19:30 . 2008-08-13 15:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-06-10 19:30 . 2008-08-13 15:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-06-10 19:30 . 2010-06-23 15:00 -------- d-----w- c:\program files\AVS4YOU
2010-06-10 19:30 . 2010-06-10 19:34 -------- d-----w- c:\programdata\AVS4YOU
2010-06-10 19:30 . 2008-08-13 15:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-06-10 19:25 . 2010-06-10 19:25 -------- d-----w- c:\users\Kyle\AppData\Roaming\FLV Extract
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4671\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4671\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4671\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\4671\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 23:04 . 2009-01-04 03:49 -------- d-----w- c:\users\Kyle\AppData\Roaming\uTorrent
2010-07-05 21:27 . 2009-08-17 00:27 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-05 17:15 . 2010-06-02 02:32 -------- d-----w- c:\users\Kyle\AppData\Roaming\Ahead
2010-07-05 03:41 . 2009-07-29 01:50 -------- d-----w- c:\users\Kyle\AppData\Roaming\vlc
2010-07-01 07:27 . 2009-08-12 17:00 -------- d-----w- c:\program files\PokerStars
2010-06-30 00:57 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-30 00:55 . 2009-12-01 00:05 -------- d-----w- c:\programdata\Microsoft Help
2010-06-28 22:18 . 2008-07-09 02:39 2032 ----a-w- c:\users\Kyle\AppData\Local\d3d9caps.dat
2010-06-28 03:59 . 2010-03-18 23:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-28 03:51 . 2009-08-19 17:19 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-06-28 03:11 . 2008-08-07 23:33 -------- d-----w- c:\program files\Common Files\Java
2010-06-28 03:10 . 2008-08-07 23:35 -------- d-----w- c:\program files\Java
2010-06-28 02:59 . 2009-07-30 06:45 -------- d-----w- c:\users\Kyle\AppData\Roaming\Skype
2010-06-28 02:48 . 2009-07-30 06:47 -------- d-----w- c:\users\Kyle\AppData\Roaming\skypePM
2010-06-24 19:33 . 2008-07-31 14:46 -------- d-----w- c:\program files\City of Heroes
2010-06-23 22:54 . 2009-11-14 17:40 -------- d-----w- c:\program files\XIM 360
2010-06-23 17:43 . 2010-06-23 17:43 -------- d-----w- c:\programdata\Sophos
2010-06-23 17:43 . 2010-06-23 17:43 -------- d-----w- c:\program files\Sophos
2010-06-23 17:43 . 2010-06-23 17:43 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-06-23 16:45 . 2010-04-04 03:05 -------- d-----w- c:\programdata\Lavasoft
2010-06-23 16:45 . 2010-04-04 03:05 -------- d-----w- c:\program files\Lavasoft
2010-06-23 16:04 . 2010-04-01 05:34 -------- d-----w- c:\program files\GRETECH
2010-06-22 21:51 . 2010-02-12 17:22 -------- d-----w- c:\users\Kyle\AppData\Roaming\SUPERAntiSpyware.com
2010-06-21 16:41 . 2008-09-02 10:46 -------- d-----w- c:\users\Kyle\AppData\Roaming\Ceerk
2010-06-16 20:11 . 2010-01-24 17:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-10 23:57 . 2010-04-17 01:17 -------- d-----w- c:\program files\Steam
2010-06-09 23:53 . 2009-05-14 21:50 1 ----a-w- c:\users\Kyle\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-05 00:32 . 2010-04-03 19:51 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-06-04 19:30 . 2010-04-03 20:17 -------- d-----w- c:\programdata\Alwil Software
2010-06-04 00:30 . 2009-04-21 01:46 -------- d-----w- c:\users\Kyle\AppData\Roaming\NBC Direct
2010-06-02 03:20 . 2010-06-02 03:20 15086 ----a-r- c:\users\Kyle\AppData\Roaming\Microsoft\Installer\{D761BBA0-FBDD-4E81-96E1-43B957D91BD8}\ARPPRODUCTICON.exe
2010-06-02 03:18 . 2010-06-02 03:18 15086 ----a-r- c:\users\Kyle\AppData\Roaming\Microsoft\Installer\{84B01A13-F78F-4281-9224-C96FB3530A2C}\ARPPRODUCTICON.exe
2010-06-02 02:44 . 2010-06-02 02:44 -------- d-----w- c:\programdata\LightScribe
2010-06-02 02:33 . 2010-06-02 02:33 -------- d-----w- c:\program files\Common Files\LightScribe
2010-06-02 02:32 . 2010-06-02 02:32 -------- d-----w- c:\programdata\Ahead
2010-06-02 02:32 . 2010-06-02 02:29 -------- d-----w- c:\program files\Common Files\Ahead
2010-06-02 02:29 . 2010-06-02 02:29 -------- d-----w- c:\programdata\Nero
2010-06-02 02:29 . 2010-06-02 02:29 -------- d-----w- c:\program files\Nero
2010-06-02 02:27 . 2010-06-02 02:27 -------- d-----w- c:\program files\MSSOAP
2010-06-02 02:26 . 2010-06-02 02:26 -------- d-----w- c:\program files\Webroot
2010-06-02 02:21 . 2010-06-02 02:21 164 ----a-w- c:\windows\install.dat
2010-06-01 20:08 . 2010-06-01 20:08 12 ----a-w- c:\users\Kyle\AppData\Roaming\czyiwa.dat
2010-05-27 22:08 . 2010-05-15 20:59 -------- d-----w- c:\programdata\Ulead Systems
2010-05-27 22:08 . 2008-07-09 05:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 17:06 . 2010-06-28 17:40 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-28 17:40 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 19:48 . 2010-05-23 19:38 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-05-23 19:01 . 2008-07-12 16:43 -------- d-----w- c:\program files\World of Warcraft
2010-05-23 01:19 . 2010-05-23 01:19 -------- d-----w- c:\programdata\Blizzard
2010-05-15 21:18 . 2010-05-15 21:03 -------- d-----w- c:\users\Kyle\AppData\Roaming\Ulead Systems
2010-05-15 21:02 . 2008-07-09 02:40 76592 ----a-w- c:\users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-15 21:00 . 2010-05-15 21:00 -------- d-----w- c:\programdata\InstallShield
2010-05-15 21:00 . 2010-05-15 21:00 -------- d-----w- c:\program files\Windows Media Components
2010-05-15 20:59 . 2008-07-09 05:14 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 00:18 . 2008-09-14 13:51 -------- d-----w- c:\program files\uTorrent
2010-05-12 15:21 . 2009-10-02 21:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 19:15 . 2010-06-28 17:40 834048 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-28 17:40 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-01 14:13 . 2010-06-28 17:40 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 19:39 . 2010-03-18 23:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-03-18 23:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 18:45 . 2010-04-27 18:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 18:45 . 2010-04-27 18:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-23 14:13 . 2010-06-28 17:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-28 17:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-16 16:43 . 2010-06-28 17:40 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-28 17:40 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-28 17:40 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-28 17:40 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-16 14:39 . 2010-06-28 17:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-05-06 16:42 . 2009-01-12 02:57 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-6-21 245760]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-17 805392]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-11-07 19:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
2007-07-26 19:05 20480 ----a-w- c:\program files\Gigabyte\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 18:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:0e,ab,91,e2,ce,21,ca,01

R3 GVTDrv;GVTDrv;c:\windows\system32\Drivers\GVTDrv.sys [2009-12-11 24944]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5Pro\markfun.w32 [2007-08-21 17912]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2008-05-23 20288]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-12-24 99344]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-12-24 25104]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2008-07-18 85312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 172032]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-03 1352832]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2008-12-09 69632]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2008-12-09 98304]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-24 431384]
S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2008-09-05 14848]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 21:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2050662660-2346740637-1860091718-1002Core.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-29 00:16]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2050662660-2346740637-1860091718-1002UA.job
- c:\users\Family\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-29 00:16]

2010-07-05 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2010-01-08 16:21]

2010-07-05 c:\windows\Tasks\User_Feed_Synchronization-{EFCDE385-03A3-459E-AB6C-0BB40F9FD392}.job
- c:\windows\system32\msfeedssync.exe [2008-07-10 07:33]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///D:/win/setup/iamce.dll
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\NBC Direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Kyle\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\users\Kyle\AppData\Roaming\IDM\bin\flash\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\users\Kyle\AppData\Roaming\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 19:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\ET5Pro\markfun.w32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2050662660-2346740637-1860091718-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cd,15,cc,cb,69,f4,1a,15,0f,1c,df,7c,ef,e1,f5,3f,df,04,15,6c,1e,53,d0,
23,f3,ab,68,26,32,e6,60,d2,6e,df,53,b8,30,51,75,dd,01,83,11,ff,d4,b1,cf,c9,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-2050662660-2346740637-1860091718-1000\Software\SecuROM\License information*]
"datasecu"=hex:16,cf,06,45,ff,5f,73,48,b6,55,23,5b,f3,2d,97,4d,e4,7f,41,85,52,
0e,53,7c,74,d0,97,b9,c2,97,ca,d1,bf,43,63,7f,e6,53,06,54,5d,06,55,d2,c7,b5,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-07-05 19:08:44
ComboFix-quarantined-files.txt 2010-07-05 23:08
ComboFix2.txt 2010-07-05 21:35

Pre-Run: 71,543,861,248 bytes free
Post-Run: 71,517,990,912 bytes free

- - End Of File - - D202869B9FFD9489A888C504FD9911E7

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:30 AM

Posted 05 July 2010 - 06:42 PM

Greetings

I would like to get an extra report from combofix.

extra combofix report

I need to see one of the extra reports combofix makes
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
CODE
C:\Qoobox\Add-Remove Programs.txt
  • click ok
  • copy and paste the report into this topic for me to review

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

"information and logs"
    In your next post I need the following
    1. extra report from combofix
    2. report From MBAM
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 KyleJS

KyleJS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
    •  
  • Local time:02:30 AM

Posted 05 July 2010 - 09:27 PM

Everything seems fine and as it should be. No redirects yet.

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4251

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/5/2010 10:25:15 PM
mbam-log-2010-07-05 (22-25-15).txt

Scan type: Quick scan
Objects scanned: 143659
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



µTorrent
32 Bit HP CIO Components Installer
7-Zip 4.62
AAC Decoder
AC3Filter (remove only)
Acrobat.com
ActivePerl 5.10.1 Build 1006
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Reader 9.3
AGEIA PhysX v7.09.13
Apple Mobile Device Support
ATI Catalyst Install Manager
AutoHotkey 1.0.48.05
AutoUpdate
Battlefield 2142
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
CDDRV_Installer
City of Villains/City of Heroes (remove only)
CodeStuff Starter
Combined Community Codec Pack 2009-09-09
Command & Conquer 3
Convert AVI to MP4 1.3
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
dj6940
DNA
DominateGame 20050929 (dominate)
EA Download Manager
EA Download Manager UI
EasyTune5Pro
eSupportQFolder
Fraps
GIMP 2.6.8
Google SketchUp 7
H.264 Decoder
Halo 2 for Windows Vista
HD Tune 2.55
HeroStats
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet Printer Driver Software. 8.0.B
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
IDM Flash 4.4.0.468
InterActual Player
iTunes
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 4
Java™ 6 Update 7
KhalInstallWrapper
Left 4 Dead 2
LG USB Modem driver
LightScribe 1.8.15.1
LightScribe Template Designs - Quick and Simple Pack 1
LightScribe Template Designs - Seasonal Pack 1
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
LP6940_Help
LP6940Trb
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XNA Framework Redistributable 3.0
Mids' Hero/Villain Designer
MKV Splitter
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.6.6)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
NBC Direct
Nero 7 Essentials
neroxml
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.0
PokerStars
PunkBuster Services
QuickTime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek AC'97 Audio
RivaTuner v2.22
Seagate DiscWizard
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
SF_CDB_ProductContext
SF_CDB_Software
Skype™ 4.1
Smart Defrag 1.20
SmartDraw 2010
SolutionCenter
Sophos Anti-Virus
Sophos AutoUpdate
SpeedFan (remove only)
SPORE™
SPORE™ Galactic Adventures
Status
Steam
SUPERAntiSpyware
The Battle for Middle-earth ™
TI Connect 1.6
Toolbox
TrayApp
TrueCrypt
Unity Web Player
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
USB2.0 Capture Device
VC80CRTRedist - 8.0.50727.4053
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
WebReg
Windows Media Player Firefox Plugin
WinHTTrack Website Copier 3.43-7
Winmx Community 1
WinPatrol 2008
WinRAR archiver
World of Warcraft
xEmulate
Yahoo! BrowserPlus 2.8.1
Yahoo! Install Manager
Yahoo! Toolbar

Edited by KyleJS, 05 July 2010 - 09:27 PM.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:30 AM

Posted 05 July 2010 - 10:23 PM

Hello

These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Adobe Reader 9.3
    Java™ 6 Update 4
    Java™ 6 Update 7

    and click on remove

Update Adobe Reader
    Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go Eset web page to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 KyleJS

KyleJS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
    •  
  • Local time:02:30 AM

Posted 07 July 2010 - 11:57 PM

computer seems to be fine just surfing, but I guess scanners say otherwise

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c648295973620a45b7b2d4455fb60c07
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-08 02:40:46
# local_time=2010-07-07 10:40:46 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 8140466 8140466 0 0
# compatibility_mode=3073 16777213 20 100 47487208 47487568 0 0
# compatibility_mode=5892 16776574 100 100 3295659 115160233 0 0
# compatibility_mode=8192 67108863 100 0 320294 320294 0 0
# compatibility_mode=8449 16775165 100 97 316080 90879339 0 0
# compatibility_mode=9730 16764926 0 4 1933165 1933165 0 0
# scanned=222936
# found=21
# cleaned=0
# scan_time=4140
C:\Qoobox\Quarantine\C\Users\Family\AppData\Local\1221391196.dll.vir a variant of Win32/Kryptik.DVR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\1i9q1w.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\317m317c.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\3kU9mYWS.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\55555.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\5uOCE.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\79q1wSK.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\931793o79.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\9cE79317u.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\A9k1793.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\CE9a1k.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\e5aA5.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\EI5q5.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\G3iQGM179.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\GMY7c3s79.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\KUO93mYW.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\M3gMY3c7s.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\M5g5i.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\o93m7g3.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\sKU55.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Windows\System32\spool\prtprocs\w32x86\YW9u1m.dll.vir a variant of Win32/Kryptik.FGR trojan 00000000000000000000000000000000 I



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4290

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

7/7/2010 9:24:22 PM
mbam-log-2010-07-07 (21-24-22).txt

Scan type: Quick scan
Objects scanned: 145012
Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\o.dat (Trojan.Hiloti) -> Quarantined and deleted successfully.

Edited by KyleJS, 07 July 2010 - 11:58 PM.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:30 AM

Posted 08 July 2010 - 12:09 AM

Greetings

Those scans are perfect!!

C:\Program Files\Mozilla Firefox\o.dat
This is a leftover and everything else is in a backup folder for combofix and will be removed right now

Very well done!! This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are.

The Online scan is only reporting backups created during the course of this fix, and items located in C:\System Volume Information\, which is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache shortly.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point.

:DeFogger:
    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files

:Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

:Make Firefox more secure:

:Turn On Automatic Updates:
    Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and useing often.

please read this great article by miekiemoes How to prevent Malware:
and
this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here:

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 KyleJS

KyleJS
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
    •  
  • Local time:02:30 AM

Posted 08 July 2010 - 12:46 PM

Edit: One thing, I had a folder on my desktop that was "invisible" using this method http://www.iambetterthanu.com/2007/10/09/c...visible-folder/ but now its not there. Would it have been deleted in the cleanup you had me do, and is there any way to get it back?

Ah Thank you so much! My faith in humanity is restored after seeing the kind of time and knowledge people like you volunteer to others. Enjoy the small donation smile.gif, and thank you for your time.

Edited by KyleJS, 08 July 2010 - 12:54 PM.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:30 AM

Posted 08 July 2010 - 01:07 PM

Thank you very much and you are welcome



Surf in peace busy.gif


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:30 AM

Posted 11 July 2010 - 03:20 AM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.

With Regards,
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
Back to Virus, Trojan, Spyware, and Malware Removal Logs


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Logs
  4. Privacy Policy
  5. Rules ·