TR/Rootkit.Gen2 - Trojan


This topic is locked
1 reply to this topic

#1 Bultaco

  • Members
  • 4 posts

Posted 27 July 2010 - 08:13 AM

Pasting in context from other post. ~ OB

This WARNING seems to come up only when I'm trying to install Vista SP1 (I know it's an old SP, but my Vista/HP Laptop crashed two weeks ago and I'm just now getting the advisory from Microsoft that the SP1 update is available for installation.)

Also, the SP1 installation is erroring out with a message referring to an 80070005 error. Don't know if this is related to the rootkit thingy or not. (perhaps it's two, unrelated problems requiring two posts.......but thought I'd mention them both here in case they're connected.)

I stumbled on a combofix site just prior to getting here.......and installed and ran it....and got the log report.......and only then noticed that I wasn't supposed to run it until someone instructed me to...........DOH!! Anyway, I have it for posting if it's needed.

Any help, greatly appreciated.
Michael
P.S. Avira doesn't seem to be able to do anything with the trojan.

End of added content. ~ OB

Here are my logs/reports as requested. Thanks, Michael

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 0:34:18.57 on 27/07/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2037.850 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\WINDOWS\System32\mstsc.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Users\Mike\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mike\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpconn~1.lnk - c:\program files\hp connections\6811507\program\HP Connections.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {8D43A907-C454-46AF-9F65-C8B9ECEBC41E} = 4.2.2.1,4.2.2.2
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\6sic4qmw.default\
FF - prefs.js: browser.startup.homepage - igoogle.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-17 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-17 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-17 60936]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-7-20 1153368]

=============== Created Last 30 ================

2010-07-27 04:24:06 0 ----a-w- c:\users\mike\defogger_reenable
2010-07-26 18:22:20 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-26 18:12:35 98816 ----a-w- c:\windows\sed.exe
2010-07-26 18:12:35 77312 ----a-w- c:\windows\MBR.exe
2010-07-26 18:12:35 256512 ----a-w- c:\windows\PEV.exe
2010-07-26 18:12:35 161792 ----a-w- c:\windows\SWREG.exe
2010-07-26 18:12:29 0 d-----w- C:\ComboFix
2010-07-26 18:05:55 0 d-----w- c:\users\mike\appdata\roaming\Avira
2010-07-26 16:35:04 0 d-----w- c:\users\mike\appdata\roaming\ComodoGroup
2010-07-26 16:31:36 0 d-----w- c:\program files\COMODO
2010-07-26 15:51:09 0 d-----w- c:\users\mike\appdata\roaming\Malwarebytes
2010-07-26 15:50:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 15:50:55 0 d-----w- c:\programdata\Malwarebytes
2010-07-26 15:50:54 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 15:50:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 04:29:37 0 d-----w- c:\programdata\Sun
2010-07-26 04:29:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-25 12:31:38 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-07-21 10:00:56 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-07-21 07:15:01 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 07:14:54 0 d-----w- c:\programdata\Lavasoft
2010-07-21 07:14:54 0 d-----w- c:\program files\Lavasoft
2010-07-21 01:17:35 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-21 01:17:35 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-20 10:01:05 268800 ----a-w- c:\windows\system32\es.dll
2010-07-20 10:00:32 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-07-20 10:00:31 272384 ----a-w- c:\windows\system32\schannel.dll
2010-07-18 22:07:08 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-07-18 22:07:07 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-07-18 22:07:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-07-18 22:07:07 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-07-18 22:07:07 24064 ----a-w- c:\windows\system32\lpk.dll
2010-07-18 22:07:07 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-07-18 22:02:29 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-07-18 22:02:29 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-07-18 22:02:29 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-07-18 22:02:29 272896 ----a-w- c:\windows\system32\polstore.dll
2010-07-18 21:59:46 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-07-18 21:59:46 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-07-18 21:58:31 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-07-18 21:58:31 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-07-18 21:58:31 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-07-18 21:57:14 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-07-18 21:57:14 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-07-18 21:57:14 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-07-18 21:55:38 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-07-18 21:55:38 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-07-18 21:55:38 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-07-18 21:55:38 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-07-18 21:55:38 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-07-18 21:55:38 15360 ----a-w- c:\windows\system32\netevent.dll
2010-07-18 21:55:38 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-07-18 21:55:38 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-07-18 21:55:38 10240 ----a-w- c:\windows\system32\finger.exe
2010-07-18 21:53:56 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-07-18 21:53:55 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2010-07-18 21:53:54 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2010-07-18 21:53:53 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2010-07-18 21:53:53 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-07-18 21:53:53 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2010-07-18 21:53:52 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2010-07-18 21:53:52 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-07-18 21:53:50 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-07-18 21:52:37 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-07-18 21:52:37 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-07-18 21:51:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-07-18 21:51:25 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-07-18 21:51:25 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-07-18 21:51:25 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-07-18 21:51:25 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-07-18 21:51:25 1657350 ----a-w- c:\windows\system32\wlan.tmf
2010-07-18 21:51:25 12876 ----a-w- c:\windows\system32\wbem\wlan.mof
2010-07-18 21:51:24 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-07-18 21:50:01 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-07-18 21:50:01 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-07-18 21:50:00 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-07-18 21:50:00 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-07-18 21:48:37 7680 ----a-w- c:\windows\system32\lsass.exe
2010-07-18 21:48:37 72704 ----a-w- c:\windows\system32\secur32.dll
2010-07-18 21:48:37 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-07-18 21:48:37 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-18 21:48:37 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-07-18 21:48:37 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-07-18 21:47:18 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-07-18 21:47:18 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-07-18 21:47:18 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-07-18 21:46:07 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-07-18 21:46:07 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-07-18 21:44:58 2855424 ----a-w- c:\windows\system32\mf.dll
2010-07-18 21:44:57 98816 ----a-w- c:\windows\system32\mfps.dll
2010-07-18 21:44:57 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-07-18 21:44:57 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-07-18 21:44:57 2048 ----a-w- c:\windows\system32\mferror.dll
2010-07-18 21:43:34 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-07-18 21:43:34 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-18 21:37:39 71680 ----a-w- c:\windows\system32\atl.dll
2010-07-18 21:35:25 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-07-18 21:34:15 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-07-18 21:34:15 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-07-18 21:31:42 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-07-18 21:30:39 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-07-18 21:30:38 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-07-18 21:29:28 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-07-18 21:28:08 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-07-18 21:28:08 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-07-18 21:28:08 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-07-18 21:26:42 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-07-18 21:24:21 414208 ----a-w- c:\windows\system32\msscp.dll
2010-07-18 21:23:13 713728 ----a-w- c:\windows\system32\timedate.cpl
2010-07-18 21:22:00 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-07-18 21:20:51 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-07-18 21:20:50 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-07-18 21:20:50 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-07-18 21:20:50 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-07-18 21:20:50 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-07-18 21:20:49 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-07-18 21:15:54 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-07-18 21:15:53 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-07-18 21:15:53 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-07-18 21:15:53 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-07-18 21:15:53 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-07-18 21:15:53 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-07-18 21:15:53 177152 ----a-w- c:\windows\system32\mpg2splt.ax
2010-07-18 21:15:52 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-07-18 21:12:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-07-18 21:11:08 696832 ----a-w- c:\windows\system32\localspl.dll
2010-07-18 21:08:56 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-07-18 21:08:56 25656 ----a-w- c:\windows\system32\drivers\msahci.sys
2010-07-18 21:08:56 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-18 21:08:56 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-07-18 21:08:55 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-07-18 21:08:55 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-07-18 21:08:54 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-07-18 21:07:57 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-07-18 21:06:59 2923520 ----a-w- c:\windows\explorer.exe
2010-07-18 21:05:59 8704 ----a-w- c:\windows\system32\hcrstco.dll
2010-07-18 21:05:59 8704 ----a-w- c:\windows\system32\hccoin.dll
2010-07-18 21:05:59 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2010-07-18 21:05:59 38400 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-07-18 21:05:59 23040 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2010-07-18 21:05:59 224768 ----a-w- c:\windows\system32\drivers\usbport.sys
2010-07-18 21:05:59 192000 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-07-18 21:05:58 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-07-18 21:04:00 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-07-18 21:03:02 24064 ----a-w- c:\windows\system32\netcfg.exe
2010-07-18 20:57:09 1585664 ----a-w- c:\windows\system32\setupapi.dll
2010-07-18 20:54:50 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-07-18 20:54:49 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-07-18 20:54:48 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-07-18 20:54:48 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-07-18 20:54:48 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-07-18 20:54:48 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-07-18 20:54:47 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-07-18 20:54:47 53248 ----a-w- c:\windows\system32\iasads.dll
2010-07-18 20:54:47 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-07-18 20:54:46 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-07-18 20:54:46 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-07-18 20:53:39 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-07-18 20:53:39 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-07-18 20:51:37 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-07-18 20:51:37 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-07-18 20:51:37 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-07-18 20:51:36 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-18 20:51:36 22016 ----a-w- c:\windows\system32\netiougc.exe
2010-07-18 20:51:36 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2010-07-18 20:51:36 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-07-18 20:50:32 82432 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-07-18 20:50:32 13312 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2010-07-18 20:50:32 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-07-18 20:48:35 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2010-07-18 20:48:35 223232 ----a-w- c:\windows\system32\WMASF.DLL
2010-07-18 20:48:35 2048 ----a-w- c:\windows\system32\asferror.dll
2010-07-18 20:47:39 25600 ----a-w- c:\windows\system32\amxread.dll
2010-07-18 20:47:39 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-07-18 20:46:37 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2010-07-18 20:46:37 223232 ----a-w- c:\windows\system32\SLC.dll
2010-07-18 20:46:36 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2010-07-18 20:46:36 33280 ----a-w- c:\windows\system32\slwmi.dll
2010-07-18 20:46:35 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2010-07-18 20:46:35 351232 ----a-w- c:\windows\system32\SLUI.exe
2010-07-18 20:46:35 186368 ----a-w- c:\windows\system32\SLLUA.exe
2010-07-18 20:46:34 39936 ----a-w- c:\windows\system32\slcinst.dll
2010-07-18 20:46:34 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2010-07-18 20:45:31 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-07-18 20:45:31 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-07-18 20:45:30 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-07-18 20:44:26 97792 ----a-w- c:\windows\system32\cabview.dll
2010-07-18 20:42:51 61440 ----a-w- c:\windows\system32\ntprint.exe
2010-07-18 20:42:51 220160 ----a-w- c:\windows\system32\ntprint.dll
2010-07-18 20:42:49 1984512 ----a-w- c:\windows\system32\authui.dll
2010-07-18 20:42:49 120320 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2010-07-18 20:42:49 10240 ----a-w- c:\windows\system32\dhcpcmonitor.dll
2010-07-18 20:42:47 69632 ----a-w- c:\windows\system32\sendmail.dll
2010-07-18 20:42:46 8138240 ----a-w- c:\windows\system32\ssBranded.scr
2010-07-18 20:41:48 441856 ----a-w- c:\windows\system32\win32spl.dll
2010-07-18 20:41:48 37376 ----a-w- c:\windows\system32\printcom.dll
2010-07-18 20:40:58 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-07-18 20:39:12 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-07-18 20:39:12 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-07-18 20:38:16 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-07-18 20:38:16 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-07-18 20:38:16 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-07-18 20:37:07 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-07-18 20:37:07 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-07-18 20:37:07 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-07-18 20:37:07 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-07-18 20:37:07 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-07-18 20:37:06 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-07-18 20:37:06 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-07-18 20:37:06 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-07-18 20:37:06 472576 ----a-w- c:\windows\system32\secproc.dll
2010-07-18 20:36:10 11776 ----a-w- c:\windows\system32\sbunattend.exe
2010-07-18 20:34:41 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2010-07-18 20:34:41 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2010-07-18 20:34:02 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2010-07-18 20:29:47 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-07-18 20:29:47 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-07-18 20:29:47 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-07-18 20:29:47 11264 ----a-w- c:\windows\system32\icardres.dll
2010-07-18 20:29:43 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-07-18 20:29:42 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-18 20:29:41 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-07-18 20:29:41 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-18 20:16:36 65536 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2010-07-18 20:16:36 27590656 ----a-w- c:\windows\ocsetup_install_NetFx3.etl
2010-07-18 20:16:36 196608 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.perf
2010-07-18 20:14:06 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-07-18 20:14:06 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-18 20:14:05 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-07-18 20:14:04 83968 ----a-w- c:\windows\system32\mscories.dll
2010-07-18 20:14:04 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-07-18 20:01:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-07-18 20:01:05 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-07-18 20:01:05 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-07-18 20:00:32 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-07-18 20:00:32 94720 ----a-w- c:\windows\system32\logagent.exe
2010-07-18 19:59:50 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-07-18 19:59:50 737792 ----a-w- c:\windows\system32\inetcomm.dll
2010-07-18 19:59:32 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-07-18 19:59:13 1645568 ----a-w- c:\windows\system32\connect.dll
2010-07-18 19:58:57 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2010-07-18 19:58:56 5120 ----a-w- c:\windows\system32\wmi.dll
2010-07-18 19:58:56 152576 ----a-w- c:\windows\system32\imagehlp.dll
2010-07-18 19:58:42 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-18 19:58:11 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-07-18 19:58:11 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-07-18 19:58:11 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-07-18 19:56:54 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-07-18 19:56:43 974336 ----a-w- c:\windows\system32\crypt32.dll
2010-07-18 19:56:14 274432 ----a-w- c:\windows\system32\raschap.dll
2010-07-18 19:56:13 232960 ----a-w- c:\windows\system32\rastls.dll
2010-07-18 19:55:57 321536 ----a-w- c:\windows\system32\WSDApi.dll
2010-07-18 19:55:28 0 d-----w- c:\program files\MSXML 4.0
2010-07-18 19:55:16 633856 ----a-w- c:\windows\system32\user32.dll
2010-07-18 19:54:29 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-07-18 19:54:29 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-07-18 19:54:29 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-07-18 19:54:29 1327616 ----a-w- c:\windows\system32\quartz.dll
2010-07-18 19:54:29 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-07-18 19:54:28 88576 ----a-w- c:\windows\system32\avifil32.dll
2010-07-18 19:54:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-07-18 19:54:28 31232 ----a-w- c:\windows\system32\msvidc32.dll
2010-07-18 19:54:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-07-18 19:54:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-07-18 19:53:57 750080 ----a-w- c:\windows\system32\qmgr.dll
2010-07-18 19:53:48 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-07-18 19:53:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-07-18 19:53:28 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-07-18 19:53:27 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-07-18 19:53:27 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-07-18 19:53:24 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-07-17 22:57:53 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-07-17 21:12:17 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-07-17 21:12:00 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-07-17 21:11:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-07-17 21:11:50 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-07-17 16:37:41 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-17 16:37:40 0 d-----w- c:\programdata\Avira
2010-07-17 16:37:40 0 d-----w- c:\program files\Avira
2010-07-17 08:28:45 0 d-----w- c:\program files\VS Revo Group
2010-07-17 07:52:23 472 ----a-w- c:\windows\system32\request.gzip
2010-07-17 07:52:23 2799 ----a-w- c:\windows\system32\responseBody.xml
2010-07-17 07:52:22 1165 ----a-w- c:\windows\system32\requestBody.xml
2010-07-17 07:21:12 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6000 (GA127UA#ABL)_Y5335KV_0U_QCNF7140DM0_E436463-DB3_4A_I30BB_SQuanta_V66.42_F.2D_T081126_WV3-0_L409_M2038_J250_7Intel_86F2_91.73_#100717_N80861092;80864222_(GA127UA#ABL)_XMOBILE_CN10_Z.MRK
2010-07-17 07:19:54 44 ----a-w- c:\windows\system\hpsysdrv.dat
2010-07-17 07:05:15 0 d-sh--we c:\programdata\Documents
2010-07-17 07:05:15 0 d-sh--we C:\Documents and Settings

==================== Find3M ====================

2010-07-18 22:32:57 174 --sha-w- c:\program files\desktop.ini
2010-07-18 22:26:22 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-18 22:26:19 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-07-18 22:26:19 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-18 22:26:19 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-18 21:01:27 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-07-18 20:56:38 40960 ----a-w- c:\windows\system32\srclient.dll
2010-07-18 19:52:24 16710176 ----a-w- c:\windows\fonts\meiryo.ttc
2010-07-18 19:52:23 17159388 ----a-w- c:\windows\fonts\meiryob.ttc
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:35:07.45 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17/07/2010 4:00:26 AM
System Uptime: 26/07/2010 3:13:39 PM (9 hours ago)

Motherboard: Quanta | | 30BB
Processor: Intel® Core™2 CPU T5300 @ 1.73GHz | U2E1 | 1733/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 226 GiB total, 174.285 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.471 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP47: 22/07/2010 2:18:35 AM - First Manual After Restoration
RP48: 22/07/2010 6:00:22 AM - Windows Update
RP49: 22/07/2010 5:52:18 PM - Windows Update
RP50: 23/07/2010 6:00:20 AM - Windows Update
RP51: 23/07/2010 8:32:15 PM - Windows Modules Installer
RP52: 24/07/2010 10:44:30 AM - Windows Update
RP53: 26/07/2010 12:09:30 AM - Windows Update
RP54: 26/07/2010 12:28:04 AM - Installed Java™ 6 Update 20
RP55: 26/07/2010 10:25:22 AM - Windows Update
RP56: 26/07/2010 10:55:19 AM - Windows Update
RP57: 26/07/2010 12:31:16 PM - [ErrorText_1715]
RP58: 26/07/2010 12:51:35 PM - COMODO System-Cleaner 26-07-10_12-51-35
RP59: 26/07/2010 1:14:37 PM - Installed Java™ 6 Update 21
RP60: 26/07/2010 1:18:13 PM - Windows Update
RP61: 26/07/2010 1:45:36 PM - Windows Update
RP62: 26/07/2010 3:38:38 PM - Windows Backup
RP63: 26/07/2010 8:12:00 PM - Windows Update
RP64: 26/07/2010 10:44:11 PM - Windows Update

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8
ASL_HS_Installer32
AutoUpdate
Avira AntiVir Personal - Free Antivirus
COMODO System - Cleaner
Conexant HD Audio
DivX
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Connections (remove only)
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Pavilion Webcam Driver for Vista v061.001.00005
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Total Care Advisor
HP Update
HP User Guide 0048
HP Wireless Assistant
HPNetworkAssistant
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 21
Java™ SE Runtime Environment 6
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
My HP Games
Revo Uninstaller 1.89
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Soft Data Fax Modem with SmartCP
Sonic Activation Module
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01

==== Event Viewer Messages From Past Week ========

26/07/2010 12:16:12 AM, Error: Service Control Manager [7023] -
26/07/2010 12:16:11 AM, Error: Service Control Manager [7022] - The IPsec Policy Agent service hung on starting.
24/07/2010 3:39:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
24/07/2010 3:39:30 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/07/2010 3:36:41 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
22/07/2010 9:06:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

==== End Of File ===========================

ComboFix 10-07-24.06 - Mike 26/07/2010 14:14:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.2037.1198 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-26 18:11 . 2010-07-26 18:12 -------- d-----w- C:\32788R22FWJFW
2010-07-26 18:05 . 2010-07-26 18:05 -------- d-----w- c:\users\Mike\AppData\Roaming\Avira
2010-07-26 16:35 . 2010-07-26 16:35 -------- d-----w- c:\users\Mike\AppData\Roaming\ComodoGroup
2010-07-26 16:31 . 2010-07-26 16:31 -------- d-----w- c:\program files\COMODO
2010-07-26 15:51 . 2010-07-26 15:51 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2010-07-26 15:50 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-26 15:50 . 2010-07-26 15:50 -------- d-----w- c:\programdata\Malwarebytes
2010-07-26 15:50 . 2010-07-26 16:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 15:50 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-26 04:29 . 2010-06-22 08:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-25 12:31 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-07-22 16:49 . 2010-07-22 16:50 -------- d-----w- c:\users\Mike\AppData\Local\Adobe
2010-07-22 07:00 . 2010-07-22 07:00 -------- d-----w- c:\users\Mike\AppData\Local\Apps
2010-07-22 01:26 . 2010-07-22 01:26 0 ----a-w- c:\windows\nsreg.dat
2010-07-21 10:00 . 2010-07-21 10:00 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-07-21 07:15 . 2010-07-21 19:45 -------- dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-21 07:15 . 2010-07-12 08:56 2979280 -c--a-w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-21 07:14 . 2010-07-21 07:14 -------- d-----w- c:\programdata\Lavasoft
2010-07-21 07:14 . 2010-07-21 07:14 -------- d-----w- c:\program files\Lavasoft
2010-07-21 01:17 . 2010-07-22 06:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-21 01:17 . 2010-07-21 01:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-20 10:01 . 2010-07-20 10:01 268800 ----a-w- c:\windows\system32\es.dll
2010-07-20 10:00 . 2010-07-20 10:00 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-07-20 10:00 . 2010-07-20 10:00 272384 ----a-w- c:\windows\system32\schannel.dll
2010-07-18 22:07 . 2010-07-18 22:07 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-07-18 22:07 . 2010-07-18 22:07 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-07-18 22:07 . 2010-07-18 22:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-07-18 22:07 . 2010-07-18 22:07 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-07-18 22:07 . 2010-07-18 22:07 24064 ----a-w- c:\windows\system32\lpk.dll
2010-07-18 22:07 . 2010-07-18 22:07 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-07-18 22:02 . 2010-07-18 22:02 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-07-18 22:02 . 2010-07-18 22:02 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-07-18 22:02 . 2010-07-18 22:02 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-07-18 22:02 . 2010-07-18 22:02 272896 ----a-w- c:\windows\system32\polstore.dll
2010-07-18 21:59 . 2010-07-18 21:59 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-07-18 21:59 . 2010-07-18 21:59 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2010-07-18 21:58 . 2010-07-18 21:58 95232 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-07-18 21:58 . 2010-07-18 21:58 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-07-18 21:58 . 2010-07-18 21:58 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-07-18 21:57 . 2010-07-18 21:57 87040 ----a-w- c:\windows\system32\msoert2.dll
2010-07-18 21:57 . 2010-07-18 21:57 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2010-07-18 21:57 . 2010-07-18 21:57 205824 ----a-w- c:\windows\system32\msoeacct.dll
2010-07-18 21:55 . 2010-07-18 21:55 15360 ----a-w- c:\windows\system32\netevent.dll
2010-07-18 21:55 . 2010-07-18 21:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-07-18 21:55 . 2010-07-18 21:55 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-07-18 21:55 . 2010-07-18 21:55 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-07-18 21:55 . 2010-07-18 21:55 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-07-18 21:55 . 2010-07-18 21:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-07-18 21:55 . 2010-07-18 21:55 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-07-18 21:55 . 2010-07-18 21:55 103936 ----a-w- c:\windows\system32\netiohlp.dll
2010-07-18 21:55 . 2010-07-18 21:55 10240 ----a-w- c:\windows\system32\finger.exe
2010-07-18 21:53 . 2010-07-18 21:53 704000 ----a-w- c:\windows\system32\PhotoScreensaver.scr
2010-07-18 21:53 . 2010-07-18 21:53 356352 ----a-w- c:\windows\system32\wbem\wbemcomn.dll
2010-07-18 21:53 . 2010-07-18 21:53 24064 ----a-w- c:\windows\system32\wtsapi32.dll
2010-07-18 21:53 . 2010-07-18 21:53 258232 ----a-w- c:\windows\system32\drivers\acpi.sys
2010-07-18 21:53 . 2010-07-18 21:53 20920 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-07-18 21:53 . 2010-07-18 21:53 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2010-07-18 21:53 . 2010-07-18 21:53 28344 ----a-w- c:\windows\system32\drivers\battc.sys
2010-07-18 21:53 . 2010-07-18 21:53 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2010-07-18 21:53 . 2010-07-18 21:53 542720 ----a-w- c:\windows\system32\sysmain.dll
2010-07-18 21:52 . 2010-07-18 21:52 194560 ----a-w- c:\windows\system32\WebClnt.dll
2010-07-18 21:52 . 2010-07-18 21:52 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2010-07-18 21:51 . 2010-07-18 21:51 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-07-18 21:51 . 2010-07-18 21:51 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-07-18 21:51 . 2010-07-18 21:51 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-07-18 21:51 . 2010-07-18 21:51 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-07-18 21:51 . 2010-07-18 21:51 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-07-18 21:51 . 2010-07-18 21:51 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-07-18 21:50 . 2010-07-18 21:50 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-07-18 21:50 . 2010-07-18 21:50 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-07-18 21:50 . 2010-07-18 21:50 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-07-18 21:50 . 2010-07-18 21:50 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-07-18 21:48 . 2010-07-18 21:48 7680 ----a-w- c:\windows\system32\lsass.exe
2010-07-18 21:48 . 2010-07-18 21:48 72704 ----a-w- c:\windows\system32\secur32.dll
2010-07-18 21:48 . 2010-07-18 21:48 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-07-18 21:48 . 2010-07-18 21:48 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-18 21:48 . 2010-07-18 21:48 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-07-18 21:48 . 2010-07-18 21:48 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-07-18 21:47 . 2010-07-18 21:47 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-07-18 21:47 . 2010-07-18 21:47 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-07-18 21:47 . 2010-07-18 21:47 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-07-18 21:46 . 2010-07-18 21:46 49664 ----a-w- c:\windows\system32\csrsrv.dll
2010-07-18 21:46 . 2010-07-18 21:46 376320 ----a-w- c:\windows\system32\winsrv.dll
2010-07-18 21:44 . 2010-07-18 21:44 2855424 ----a-w- c:\windows\system32\mf.dll
2010-07-18 21:44 . 2010-07-18 21:44 98816 ----a-w- c:\windows\system32\mfps.dll
2010-07-18 21:44 . 2010-07-18 21:44 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-07-18 21:44 . 2010-07-18 21:44 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-07-18 21:44 . 2010-07-18 21:44 2048 ----a-w- c:\windows\system32\mferror.dll
2010-07-18 21:43 . 2010-07-18 21:43 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-07-18 21:43 . 2010-07-18 21:43 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-07-18 21:37 . 2010-07-18 21:37 71680 ----a-w- c:\windows\system32\atl.dll
2010-07-18 21:35 . 2010-07-18 21:35 297472 ----a-w- c:\windows\system32\gdi32.dll
2010-07-18 21:34 . 2010-07-18 21:34 41984 ----a-w- c:\windows\system32\drivers\monitor.sys
2010-07-18 21:34 . 2010-07-18 21:34 1060920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2010-07-18 21:31 . 2010-07-18 21:31 374456 ----a-w- c:\windows\system32\mcupdate_GenuineIntel.dll
2010-07-18 21:30 . 2010-07-18 21:30 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-07-18 21:30 . 2010-07-18 21:30 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-07-18 21:29 . 2010-07-18 21:29 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-07-18 21:28 . 2010-07-18 21:28 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-07-18 21:28 . 2010-07-18 21:28 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-07-18 21:28 . 2010-07-18 21:28 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-07-18 21:27 . 2010-07-18 21:27 -------- d-----w- c:\users\Mike\AppData\Local\MigWiz
2010-07-18 21:26 . 2010-07-18 21:26 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-07-18 21:24 . 2010-07-18 21:24 414208 ----a-w- c:\windows\system32\msscp.dll
2010-07-18 21:22 . 2010-07-18 21:22 356864 ----a-w- c:\windows\system32\MediaMetadataHandler.dll
2010-07-18 21:20 . 2010-07-18 21:20 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2010-07-18 21:20 . 2010-07-18 21:20 86016 ----a-w- c:\windows\system32\icfupgd.dll
2010-07-18 21:20 . 2010-07-18 21:20 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2010-07-18 21:20 . 2010-07-18 21:20 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2010-07-18 21:20 . 2010-07-18 21:20 16896 ----a-w- c:\windows\system32\wfapigp.dll
2010-07-18 21:20 . 2010-07-18 21:20 61952 ----a-w- c:\windows\system32\cmifw.dll
2010-07-18 21:15 . 2010-07-18 21:15 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-07-18 21:15 . 2010-07-18 21:15 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-07-18 21:15 . 2010-07-18 21:15 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-07-18 21:12 . 2010-07-18 21:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-07-18 21:11 . 2010-07-18 21:11 696832 ----a-w- c:\windows\system32\localspl.dll
2010-07-18 21:08 . 2010-07-18 21:08 45112 ----a-w- c:\windows\system32\drivers\pciidex.sys
2010-07-18 21:08 . 2010-07-18 21:08 25656 ----a-w- c:\windows\system32\drivers\msahci.sys
2010-07-18 21:08 . 2010-07-18 21:08 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-07-18 21:08 . 2010-07-18 21:08 109624 ----a-w- c:\windows\system32\drivers\ataport.sys
2010-07-18 21:08 . 2010-07-18 21:08 211000 ----a-w- c:\windows\system32\drivers\volsnap.sys
2010-07-18 21:08 . 2010-07-18 21:08 17464 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-07-18 21:08 . 2010-07-18 21:08 154624 ----a-w- c:\windows\system32\drivers\nwifi.sys
2010-07-18 21:07 . 2010-07-18 21:07 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2010-07-18 21:06 . 2010-07-18 21:06 2923520 ----a-w- c:\windows\explorer.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 17:16 . 2006-12-21 12:17 -------- d-----w- c:\program files\Common Files\Java
2010-07-26 17:16 . 2006-12-21 12:17 -------- d-----w- c:\program files\Java
2010-07-26 16:58 . 2006-12-21 10:59 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-20 18:43 . 2006-12-21 11:56 -------- d-----w- c:\programdata\WildTangent
2010-07-18 22:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-07-18 22:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-18 22:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-18 22:26 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-18 22:26 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-18 22:05 . 2010-07-18 22:05 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2010-07-18 21:01 . 2010-07-18 21:01 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll
2010-07-18 20:56 . 2010-07-18 20:56 40960 ----a-w- c:\windows\system32\srclient.dll
2010-07-18 20:47 . 2010-07-18 20:47 40960 ----a-w- c:\windows\AppPatch\apihex86.dll
2010-07-18 20:01 . 2010-07-18 20:01 2560 ----a-w- c:\windows\AppPatch\AcRes.dll
2010-07-18 20:01 . 2010-07-18 20:01 449024 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-07-18 20:01 . 2010-07-18 20:01 2143744 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-07-18 20:01 . 2010-07-18 20:01 537600 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-07-18 20:01 . 2010-07-18 20:01 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-07-17 16:14 . 2006-12-21 12:03 -------- d-----w- c:\program files\Yahoo!
2010-07-17 15:56 . 2006-12-21 11:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-17 08:32 . 2006-12-21 11:31 -------- d-----w- c:\programdata\Symantec
2010-07-17 07:59 . 2006-12-21 11:50 -------- d-----w- c:\programdata\CyberLink
2010-07-17 07:24 . 2006-12-21 12:13 -------- d-----w- c:\programdata\Hewlett-Packard
2010-07-17 07:23 . 2010-07-17 07:15 -------- d-----w- c:\users\Mike\AppData\Roaming\Hewlett-Packard
2010-07-17 07:21 . 2006-12-21 11:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-17 07:21 . 2010-07-17 07:21 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6000 (GA127UA#ABL)_Y5335KV_0U_QCNF7140DM0_E436463-DB3_4A_I30BB_SQuanta_V66.42_F.2D_T081126_WV3-0_L409_M2038_J250_7Intel_86F2_91.73_#100717_N80861092;80864222_(GA127UA#ABL)_XMOBILE_CN10_Z.MRK
2010-07-17 07:05 . 2010-07-17 07:05 -------- d-sh--we c:\programdata\Templates
2010-07-17 07:05 . 2010-07-17 07:05 -------- d-sh--we c:\programdata\Start Menu
2010-07-17 07:05 . 2010-07-17 07:05 -------- d-sh--we c:\programdata\Favorites
2010-07-17 07:05 . 2010-07-17 07:05 -------- d-sh--we c:\programdata\Documents
2010-07-17 07:05 . 2010-07-17 07:05 -------- d-sh--we c:\programdata\Desktop
2010-05-04 05:59 . 2010-07-24 14:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-07-24 14:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-07-24 14:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-07-24 14:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2010-07-18 1006264]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-21 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 CFRMD;CFRMD;c:\windows\System32\drivers\CFRMD.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-07-26 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 19:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop
TCP: {8D43A907-C454-46AF-9F65-C8B9ECEBC41E} = 4.2.2.1,4.2.2.2
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\6sic4qmw.default\
FF - prefs.js: browser.startup.homepage - igoogle.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-26 14:20
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4384)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2010-07-26 14:23:35
ComboFix-quarantined-files.txt 2010-07-26 18:23

Pre-Run: 191,156,391,936 bytes free
Post-Run: 191,087,050,752 bytes free

- - End Of File - - 0AE4A6D86E904D13A2E3DE57B1F72631

Edited by Orange Blossom, 27 July 2010 - 05:44 PM.
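The LOCKED REGISTRY KEYS block in the log above lists keys whose ACLs ComboFix could not read with ordinary rights. In this log they are the Adobe Flash Player broker COM class (its Elevation subkey with Enabled = 1 marks the class as one a COM client may start elevated through the UAC elevation moniker, a legitimate pattern that is also worth checking because the LocalServer32 path is what would actually run elevated) and a modem class setting. The helper below is an added triage example, not part of the original post and not ComboFix's or BleepingComputer's code: it parses a block in exactly the layout this log shows and reports every CLSID registered for elevation together with its server executable and whether Everyone is denied on the key. The sample input is the block from this post re-typed as a constructed string; the function names and the record layout are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the LOCKED REGISTRY KEYS block from the ComboFix
# log above, re-typed in the layout ComboFix uses (bracketed key path, then
# @Denied/@Allowed ACL lines, then values in .reg syntax).
SAMPLE = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ACL_RE = re.compile(r"^@(Denied|Allowed): \(([^)]*)\) \(([^)]*)\)$")
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')
# A CLSID root key plus an optional subkey (Elevation, LocalServer32, ...).
CLSID_RE = re.compile(
    r"^(HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\\{[0-9A-Fa-f-]+\})(?:\\(.*))?$",
    re.IGNORECASE,
)


@dataclass
class RegKey:                         # assumed record layout, not ComboFix's own
    path: str
    acl: list = field(default_factory=list)     # (kind, rights, principal)
    values: dict = field(default_factory=dict)  # value name ("@" = default) -> value


def _decode_value(raw):
    """Decode the .reg-style right-hand side that ComboFix prints."""
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1].replace("\\\\", "\\")   # .reg syntax doubles backslashes
    return raw


def parse_locked_keys(text):
    """Return the RegKey records of the LOCKED REGISTRY KEYS section, in order."""
    body = text.split("LOCKED REGISTRY KEYS", 1)[1]
    keys, current = [], None
    for raw in body.splitlines()[1:]:       # [0] is the rest of the header line
        line = raw.strip()
        if line.startswith("-----"):        # the next section header ends the block
            break
        if (m := KEY_RE.match(line)):
            current = RegKey(path=m.group(1))
            keys.append(current)
        elif current is None or not line or line == ".":
            continue
        elif (m := ACL_RE.match(line)):
            current.acl.append((m.group(1), m.group(2), m.group(3)))
        elif (m := VALUE_RE.match(line)):
            current.values[m.group(1).strip('"')] = _decode_value(m.group(2))
    return keys


def denied_everyone(key):
    return any(kind == "Denied" and who == "Everyone" for kind, _, who in key.acl)


def elevated_com_servers(keys):
    """Group CLSID keys with their subkeys and report every class whose Elevation
    subkey has Enabled = 1 (startable elevated via the UAC elevation moniker),
    together with the LocalServer32 executable that would run."""
    by_clsid = {}
    for key in keys:
        m = CLSID_RE.match(key.path)
        if m:
            by_clsid.setdefault(m.group(1), {})[(m.group(2) or "").lower()] = key
    findings = []
    for base, subs in by_clsid.items():
        elev = subs.get("elevation")
        if elev is None or elev.values.get("Enabled") != 1:
            continue
        root, server = subs.get(""), subs.get("localserver32")
        findings.append({
            "clsid": base.rsplit("\\", 1)[1],
            "name": root.values.get("@") if root else None,
            "server": server.values.get("@") if server else None,
            "denied_everyone": bool(root and denied_everyone(root)),
        })
    return findings
```

Run `elevated_com_servers(parse_locked_keys(SAMPLE))` to get one finding: the FlashBroker class served by c:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe, which is the standard Adobe Flash Player registration. The check worth making on an unfamiliar log is whether the reported server path points somewhere other than the vendor's install directory, since that binary is what the elevation prompt would launch.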



#2 boopme

  • Global Moderator

Posted 27 July 2010 - 07:23 PM

Closed, as the OP has contacted me that the PC has been reinstalled.
