
Infected with something


  • This topic is locked
23 replies to this topic

#1 bint

bint

  • Members
  • 13 posts

Posted 06 August 2010 - 06:07 PM

Hi,

I was infected with something that caused redirects of websites. I was able to (hopefully) remove it with Malwarebytes Anti-Malware (no more redirects). However, I still think I am infected with something because my system is really slow. Also, when I tried running Gmer in Safe Mode (I tried running it in Normal first but it just froze), a blue screen popped up with a message saying something like "ulpqdow.sys" is causing an error or something (it was really, really fast) and then the system restarted.

Am I infected with something and if so, how do I remove it? Also, did this "thing" come from Azureus? The Azureus folder was modified this morning but I haven't used it in months.

Thank you very much for your help in advance. Here are the requested logs:


DDS (Ver_10-03-17.01) - NTFSx86
Run by bin at 11:53:02.30 on Fri 08/06/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.880 [GMT -7:00]

SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe
C:\Program Files\NETGEAR\PS121v2\PS121v2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\system32\taskeng.exe
C:\Program Files\Orb Networks\Orb\bin\Orblauncher.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\bin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
TB: Alive Text to Speech: {954f618b-0dec-4d1a-9317-e0fc96f87865} - c:\progra~1\alivem~1\textto~1\IETOOL~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\users\bin\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [FlyMonitor] "c:\program files\leapfrog\flyworld\bin\FlyMonitor.exe"
mRun: [PS121v2] "c:\program files\netgear\ps121v2\PS121v2.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAStorIcon] "c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe"
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\bin\appdata\roaming\mozilla\firefox\profiles\2lxn8dg1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\users\bin\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-24 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 224240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 30112]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-24 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-24 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-24 56816]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-5-31 13336]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2010-7-28 45072]
R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\cyberlink\tv enhance\kernel\tv\TVECapSvc.exe [2010-2-7 386400]
R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\cyberlink\tv enhance\kernel\tv\TVESched.exe [2010-2-7 202080]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-7-28 3858168]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2010-7-19 3019672]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\drivers\NETGEARUHOST.sys [2008-11-1 10752]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\drivers\NETGEARUHUB.sys [2008-11-1 37120]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2007-9-5 19456]
S3 MicFxBas;U3100mini DRXUSB Driver;c:\windows\system32\drivers\MicFxBas.sys [2010-2-7 27904]
S3 MicNgCap;U3100mini Audio/Video Capture Driver;c:\windows\system32\drivers\MicNgCap.sys [2010-2-7 74112]
S3 MicNgTun;U3100mini Tuner Driver;c:\windows\system32\drivers\MicNgTun.sys [2010-2-7 311424]
S3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\drivers\NETGEARUCOMP.sys [2008-11-1 11648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-21 42512]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-08-06 18:22:42 0 d-----w- c:\program files\Trend Micro
2010-08-06 17:30:18 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-06 17:10:02 98816 ----a-w- c:\windows\sed.exe
2010-08-06 17:10:02 77312 ----a-w- c:\windows\MBR.exe
2010-08-06 17:10:02 256512 ----a-w- c:\windows\PEV.exe
2010-08-06 17:10:02 161792 ----a-w- c:\windows\SWREG.exe
2010-08-06 16:52:57 0 d-----w- c:\program files\CCleaner
2010-08-06 07:16:04 0 d-----w- c:\program files\iPod
2010-08-06 07:16:03 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-06 07:16:03 0 d-----w- c:\program files\iTunes
2010-08-06 07:07:06 0 d-----w- c:\program files\Bonjour
2010-08-05 16:58:27 0 d-----w- c:\programdata\COMODO
2010-08-05 16:54:38 0 d-----w- c:\program files\COMODO
2010-08-05 16:48:28 0 d-----w- c:\programdata\Comodo Downloader
2010-08-05 01:03:41 56320 --sha-r- c:\users\bin\appdata\roaming\igfxrrusd.dll
2010-08-05 01:02:51 0 d-----w- c:\programdata\Update
2010-08-02 22:53:21 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-07-28 20:13:40 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-07-28 20:13:40 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-07-28 20:13:40 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-07-28 20:11:54 0 d-----w- c:\program files\Webroot
2010-07-28 20:11:51 0 dc-h--w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
2010-07-28 20:11:36 0 d-----w- c:\programdata\Webroot
2010-07-18 16:00:04 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-18 16:00:04 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-18 16:00:04 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-18 16:00:04 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-18 16:00:03 1130824 ----a-w- c:\windows\system32\dfshim.dll

==================== Find3M ====================

2010-08-06 07:09:07 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-06 07:09:07 143360 ----a-w- c:\windows\inf\infstor.dat
2010-08-06 07:09:06 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-02 02:00:52 278288 ----a-w- c:\windows\system32\guard32.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-08-17 15:11:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-13 05:03:19 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 11:55:06.79 ===============

Attached File  ark.log   8.5KB   4 downloads
Attached File  Attach.txt   7.85KB   1 downloads

Edited by bint, 06 August 2010 - 06:21 PM.



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 14 August 2010 - 08:30 AM

Hello bint

Welcome to BleepingComputer

What are the symptoms that you are having?
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom Scans and Fixes section, paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 bint

bint
  • Topic Starter

  • Members
  • 13 posts

Posted 14 August 2010 - 07:40 PM

Hi, thanks for the response.

The problem I was having was redirects of webpages - links in Google would redirect to weird sites. Also the computer seems to be operating really slow.
Here are the requested logs.

Thanks again!

OTL Extras logfile created on: 8/14/2010 5:14:14 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\bin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.86 Gb Total Space | 34.90 Gb Free Space | 24.78% Space Free | Partition Type: NTFS
Drive D: | 8.19 Gb Total Space | 1.85 Gb Free Space | 22.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIN-PC
Current User Name: bin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{59A19E1F-CB57-456A-A924-BE18E5EFC3D9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{DEF74DD8-7DC1-4625-B638-BC7C66A521B8}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8D0F08-7DB2-496E-A59F-5388926C4B0D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{14D7102A-98A3-4D30-86C8-2EC2E0843188}" = protocol=17 | dir=in | app=c:\program files\cyberlink\tv enhance\tveservice.exe |
"{178F56D7-3A8C-4058-AB32-4B14E7FE87F7}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orb.exe |
"{28385593-A193-449C-8D17-8F17E052F9B4}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbstreamerclient.exe |
"{2886A29B-0036-40F8-9C21-1E79F5FBA225}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{30C66516-91EF-44BD-AB98-9F84E6E173D1}" = protocol=6 | dir=in | app=c:\program files\cyberlink\tv enhance\tvenhance.exe |
"{4445A046-CBAE-4114-8EFC-082208676839}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{46966CBD-76B7-437A-B087-DC68CC8B6F34}" = protocol=6 | dir=in | app=c:\program files\cyberlink\tv enhance\tvenhance.exe |
"{47E6ED47-C143-44E1-9490-315B21496117}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbir.exe |
"{49C6F30B-1CDE-43F5-B556-10D8FFFC33C8}" = protocol=17 | dir=in | app=c:\program files\cyberlink\tv enhance\tveservice.exe |
"{51A7BDC7-FD8D-4A47-983F-8FAEBCE750D2}" = protocol=17 | dir=in | app=c:\program files\leapfrog\flyworld\bin\flyworld.exe |
"{57F176E1-3682-4208-96A8-9E63BEF85248}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7B5ED5F4-4F7B-4A02-824E-D500953DFC40}" = protocol=6 | dir=in | app=c:\program files\cyberlink\tv enhance\tveservice.exe |
"{81126C58-24A6-4121-861E-9ACA9C828E8B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{84CA7721-D786-4C7D-B10C-4E2B1C4BB47B}" = protocol=17 | dir=in | app=c:\program files\cyberlink\tv enhance\tvenhance.exe |
"{8582F25C-AF94-4EFB-A6AA-72E742406F4F}" = protocol=6 | dir=in | app=c:\program files\leapfrog\flyworld\bin\flyworld.exe |
"{95C35857-2F38-4EF1-9E83-EEB3C5C0E686}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orblauncher.exe |
"{96BA7A6B-611E-45EF-A783-134B9C8ED2A5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{97D79CD5-5FE8-4027-875B-CB86DBF054BA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9840D521-7935-4F05-84EC-7308F20D0452}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{98A1A5BC-3266-4818-9F8C-A92C48AE3FA4}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{9C793D56-A4D5-46AA-9957-42BA977E15AB}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbsetupwizard.exe |
"{9E43EEC8-362C-4E9C-B6DB-E51C8A2AFBE5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A166717A-C680-432E-B3EC-EA11E30BC38F}" = protocol=17 | dir=in | app=c:\program files\leapfrog\flyworld\bin\flymonitor.exe |
"{A2EE41DD-A3A6-4BE8-BAD7-5E3583B795C0}" = protocol=6 | dir=in | app=c:\program files\leapfrog\flyworld\bin\flymonitor.exe |
"{A4418F99-14EC-47F2-9796-3640B89DB244}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orblauncher.exe |
"{AAAD0592-E274-40FA-9252-1C963E13AADC}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbsetupwizard.exe |
"{AADF8160-3B60-435E-AEDF-8A00EF7B45C6}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbir.exe |
"{B6B0EEE8-EA1F-49A2-B3CA-AAF44769532B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C24EE8EC-9F0B-4E1A-9F8A-3FEA35B93EC9}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CD2114FE-8A61-4DD6-A4E7-AC7CB99142B9}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbstreamerclient.exe |
"{D2002F79-1619-484F-893C-8A5D53844B58}" = protocol=6 | dir=in | app=c:\program files\cyberlink\tv enhance\tveservice.exe |
"{D6EAE66F-2447-4105-80A8-41F8A966382F}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orbcontrolpanel.exe |
"{DBADA0C4-806A-4643-A105-4C5236478B2E}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{DCCD2EF6-A8D3-456C-BF64-FDF7EC28C4D6}" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orb.exe |
"{DFB88ED9-54CE-4AFE-BB95-480F0DC5B879}" = protocol=17 | dir=in | app=c:\program files\cyberlink\tv enhance\tvenhance.exe |
"{E100C0A6-FEF4-48D0-9C26-42F5A5BABEEE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E4FDCB5C-EFB6-4E63-AEC2-40D457A9681A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE309A17-AB68-4D18-BD67-C428DF578B75}" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orbcontrolpanel.exe |
"TCP Query User{256B2AB4-76C7-4776-9861-287F6FA7ACA6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{2AB660BF-7465-4188-8A22-87AF90D2C541}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{463AFFE4-3DD6-4D29-8E96-E9F4F27B69B1}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{5065D673-264D-4CA3-8547-D76EA5F9E0CC}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{561C4DBE-0EE3-4370-ABD6-296FA82563E8}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{71A512CF-7C56-49CB-90A0-6D3FDD660331}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{76E2D4BE-0354-4013-B3FC-D66EF3F5221A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A3F33D98-1120-4551-8E28-592F44DD4FDA}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{C1ACF8F6-F689-4C0D-B8DB-86DB276524D2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{C1CB425A-972F-4568-A637-0890A688361C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{C3CF3B70-DF84-406B-93F9-7029BC7DCB50}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{D79D4CB6-5C4A-4976-A820-53288B991A02}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{D88EEA04-E381-4765-AB83-E916D5725EBA}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{E251B6C6-F5C9-418D-AE17-7E8A2C6EEE57}C:\program files\orb networks\orb\bin\orblauncher.exe" = protocol=6 | dir=in | app=c:\program files\orb networks\orb\bin\orblauncher.exe |
"UDP Query User{179E9158-69EA-4B22-80C6-6E1A97E9B4B7}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{4759C857-CC3E-42DB-A8BE-5A505D282E54}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{52FFDA9D-5AD4-4F03-AC39-2AC4F49976B5}C:\program files\orb networks\orb\bin\orblauncher.exe" = protocol=17 | dir=in | app=c:\program files\orb networks\orb\bin\orblauncher.exe |
"UDP Query User{8100C1B5-CCF0-43E6-A106-03C13D777DED}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{92BF9D16-B38B-4C21-BE44-BD9938C6073A}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{A2944DC8-5DEE-45D7-93F1-8612F46D21CC}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{AE22E7E9-AE4E-4940-9C62-EA94243EDF53}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{BF60C42B-2D68-40C1-9981-466511492F41}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{CEA45C0C-FE31-4939-8D20-84CB9F7F905F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{CEFA7E0C-22D5-4C4D-A75A-7472981BD1B6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CFE22B63-8E8E-415E-BBEE-18637A2BEB3A}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{D44B0C64-9B74-445D-964B-766BAC5264EF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{F08BE0BA-8C41-4519-B80C-DDFE614691E3}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{F8A8307C-79BB-41C9-ADF0-975A9F343D31}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FF63C7-6D9E-49F4-9018-BD269A1492C9}" = ASUS Popup TV
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{262C7F33-8251-432E-88C1-E9F42A53F8F0}" = PDFill PDF Editor with FREE PDF Writer and Tools
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FBC7FAE-14B0-416D-B113-5B1EBA582978}" = ArcSoft MediaImpression for Kodak
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}" = HP User Guides 0060
"{40724630-C95F-449d-B71D-777CFDE9EA21}" = J5700
"{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41A96655-19FB-473c-AAB7-429E372527C8}" = ProductContext
"{451B332F-E2A7-4F69-B1ED-99C99BDB9C2F}" = NETGEAR PS121v2
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D0F0C1F-46B0-4AA2-B8DC-02E5FE777C19}" = 5700_Help
"{5D235030-8E60-42A0-9258-B7943FCD3511}" = inSSIDer
"{5D946D0D-9437-4E15-AC1F-F9BCF0B32561}" = FLY World
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62AAFC0A-00B8-4663-98D8-96AE9F3BA058}" = TTS
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746EC26B-9A80-4FD5-9861-545E0CD2A795}" = Mega Manager
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7817D588-3207-45FF-8E6E-BC6B07E46F49}" = ASUS MyCinema U3100mini ATSC
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A2CC286B-BFE9-4D1F-9EDA-AA3E8289CA12}" = BPDSoftware_Ini
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AB8BDDBF-7965-4476-B9BC-ED8DFD603AA8}" = HP Officejet All-In-One Series
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"8F1A19F8168CB0908127999D4F53773EAF35C31E" = Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alive Text to Speech_is1" = Alive Text to Speech v5.6.2.8
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus Vuze" = Azureus Vuze
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DVD Flick_is1" = DVD Flick
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy WiFi Radar" = Easy WiFi Radar 1.0.5
"Everything" = Everything 1.2.1.371
"FLY World" = FLY World
"Free Easy Burner_is1" = Free Easy Burner V 4.0
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"ImgBurn" = ImgBurn
"ImTOO DVD Creator" = ImTOO DVD Creator
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LimeWire" = LimeWire 5.4.6
"LinCity-NG_is1" = LinCity-NG 2.0
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.6.85" = MagicDisc 2.6.85
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegauploadToolbar" = Megaupload Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Orb" = Orb
"PDFtypewriter Printer Driver" = PDFtypewriter Printer Driver
"QuoteTracker_is1" = QuoteTracker
"SopCast" = SopCast 2.0.4
"Total Video Converter 3.14_is1" = Total Video Converter 3.14 080930
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"URLSnooper 2_is1" = URL Snooper v2.20.02
"VLC media player" = VLC media player 0.9.9
"Vpskeys_is1" = Vpskeys 4.3
"Warcraft III" = Warcraft III
"Webroot Software" = Webroot Software
"WildTangent hplaptop Master Uninstall" = My HP Games
"WinPcapInst" = WinPcap 4.1 beta
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2010 12:18:34 PM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/8/2010 12:18:34 PM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/9/2010 12:14:27 PM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/9/2010 12:14:27 PM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/10/2010 10:48:49 AM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/10/2010 10:48:49 AM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/11/2010 11:58:07 AM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/11/2010 11:58:07 AM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/11/2010 12:08:18 PM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/11/2010 12:08:18 PM | Computer Name = bin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 2/7/2010 8:09:54 PM | Computer Name = bin-PC | Source = ehRecvr | ID = 4
Description =

Error - 2/28/2010 12:54:53 PM | Computer Name = bin-PC | Source = ehRecvr | ID = 4
Description =

Error - 2/28/2010 3:29:36 PM | Computer Name = bin-PC | Source = ehRecvr | ID = 4
Description =

Error - 6/13/2010 1:03:56 PM | Computer Name = bin-PC | Source = ehRecvr | ID = 4
Description =

[ OSession Events ]
Error - 5/6/2009 4:46:25 PM | Computer Name = bin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 2074 seconds with 1860 seconds of active time. This session ended with a
crash.

Error - 5/6/2009 5:08:35 PM | Computer Name = bin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1288 seconds with 1200 seconds of active time. This session ended with a
crash.

Error - 12/3/2009 7:32:39 PM | Computer Name = bin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session
lasted 1656 seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/4/2009 3:20:16 AM | Computer Name = bin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session
lasted 3846 seconds with 360 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 8/14/2010 6:03:01 AM | Computer Name = bin-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/14/2010 6:03:01 AM | Computer Name = bin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/14/2010 6:36:15 AM | Computer Name = bin-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 8/14/2010 6:38:15 AM | Computer Name = bin-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 8/14/2010 6:55:52 AM | Computer Name = bin-PC | Source = DCOM | ID = 10010
Description =

Error - 8/14/2010 6:59:38 AM | Computer Name = bin-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/14/2010 7:01:08 AM | Computer Name = bin-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/14/2010 7:01:08 AM | Computer Name = bin-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/14/2010 7:01:08 AM | Computer Name = bin-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/14/2010 8:05:21 PM | Computer Name = bin-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

OTL logfile created on: 8/14/2010 5:14:14 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\bin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.86 Gb Total Space | 34.90 Gb Free Space | 24.78% Space Free | Partition Type: NTFS
Drive D: | 8.19 Gb Total Space | 1.85 Gb Free Space | 22.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 3.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BIN-PC
Current User Name: bin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\bin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Orb Networks\Orb\bin\OrbLauncher.exe (Orb Networks)
PRC - C:\Program Files\Orb Networks\Orb\bin\Orb.exe (Orb Networks, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\LeapFrog\FlyWorld\bin\FLYMonitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\NETGEAR\PS121v2\PS121v2.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\bin\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msi.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msiltcfg.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WRConsumerService) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\bin\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfmonm) -- C:\Windows\System32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (MicNgTun) -- C:\Windows\System32\drivers\MicNgTun.sys (Micronas GmbH)
DRV - (MicNgCap) -- C:\Windows\System32\drivers\MicNgCap.sys (Micronas GmbH)
DRV - (MicFxBas) -- C:\Windows\System32\drivers\MicFxBas.sys (Micronas GmbH)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (NETGEARUHOST) -- C:\Windows\System32\drivers\NETGEARUHOST.sys (SerComm)
DRV - (NETGEARUHUB) -- C:\Windows\System32\drivers\NETGEARUHUB.sys (SerComm)
DRV - (NETGEARUCOMP) -- C:\Windows\System32\drivers\NETGEARUCOMP.sys (SerComm)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/26 16:05:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/06 00:13:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 10:31:19 | 000,000,000 | ---D | M]

[2009/12/20 09:35:34 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\Mozilla\Extensions
[2008/07/14 12:44:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/12/20 09:35:34 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/13 09:44:27 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\Mozilla\Firefox\Profiles\2lxn8dg1.default\extensions
[2010/05/24 09:45:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\bin\AppData\Roaming\Mozilla\Firefox\Profiles\2lxn8dg1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/24 09:45:16 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\bin\AppData\Roaming\Mozilla\Firefox\Profiles\2lxn8dg1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2007/12/09 23:45:24 | 000,000,000 | ---D | M] (Megaupload Toolbar) -- C:\Users\bin\AppData\Roaming\Mozilla\Firefox\Profiles\2lxn8dg1.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2010/08/10 10:31:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/28 09:24:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/26 11:30:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/26 11:50:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/05 07:36:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/27 22:18:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/11 08:31:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/05/10 21:52:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/23 09:49:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/08/10 10:31:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/07/14 12:44:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2010/07/28 09:24:01 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/28 09:24:01 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010/08/10 10:31:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/28 09:24:03 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 20:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2008/10/14 22:33:30 | 000,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010/08/06 00:13:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/08/06 00:13:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/08/06 00:13:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/08/06 00:13:17 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/08/06 00:13:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/08/06 00:13:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/08/06 00:13:18 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2010/07/28 09:24:05 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/28 09:24:05 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/28 09:24:05 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/28 09:24:05 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/28 09:24:05 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/28 09:24:05 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/28 09:24:05 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/08/06 10:25:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKLM\..\Toolbar: (Alive Text to Speech) - {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\Program Files\AliveMedia\Text to Speech\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [FlyMonitor] C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PS121v2] C:\Program Files\NETGEAR\PS121v2\PS121v2.exe ()
O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\bin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\bin\Pictures\2007 N.Cali\P1013349.JPG
O24 - Desktop BackupWallPaper: C:\Users\bin\Pictures\2007 N.Cali\P1013349.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (y Packages settings...) - File not found
O30 - LSA: Security Packages - (ystem32\msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/18 00:34:41 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/05/12 01:18:43 | 000,000,000 | ---D | M] - F:\AutoRunSource -- [ CDFS ]
O32 - AutoRun File - [2005/12/23 06:12:36 | 002,073,600 | R--- | M] (Longtion) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/08/28 01:37:48 | 000,022,486 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2006/05/14 15:24:13 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/13 09:51:28 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/13 09:51:08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/13 09:51:08 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/08/13 09:51:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/08/13 09:50:42 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/13 09:50:32 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/13 09:49:45 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/13 09:49:43 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/10 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\bin\AppData\Roaming\OpenOffice.org
[2010/08/10 10:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/08/10 10:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/08/10 10:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/08/10 10:31:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/08/10 10:31:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/10 10:31:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/10 10:31:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/10 10:19:47 | 000,000,000 | ---D | C] -- C:\Restoration
[2010/08/10 10:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\PDFtypewriter
[2010/08/10 10:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\CTdeveloping
[2010/08/10 10:09:56 | 000,000,000 | ---D | C] -- C:\Users\bin\AppData\Roaming\CTdeveloping
[2010/08/09 18:04:42 | 000,000,000 | ---D | C] -- C:\Users\bin\Desktop\New Folder
[2010/08/07 09:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
[2010/08/06 16:58:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/06 11:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/06 10:30:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/06 10:30:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/06 10:10:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/06 10:10:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/06 10:10:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/06 10:08:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/06 10:08:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/06 10:06:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/06 09:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/06 00:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/06 00:16:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/06 00:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/08/06 00:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/08/06 00:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/08/05 10:17:53 | 000,000,000 | ---D | C] -- C:\Users\bin\Desktop\Cool Tools
[2010/08/05 09:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/08/05 09:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/08/05 09:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/08/04 18:03:08 | 000,000,000 | ---D | C] -- C:\Users\bin\AppData\Local\lmgdcxypy
[2010/08/04 18:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/04 17:26:20 | 000,000,000 | ---D | C] -- C:\Users\bin\Desktop\Sunny Choi
[2010/08/02 15:54:54 | 000,000,000 | ---D | C] -- C:\Users\bin\AppData\Local\Microsoft Corporation
[2010/08/02 15:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/07/28 13:13:40 | 000,182,056 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\ssidrv.sys
[2010/07/28 13:13:40 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\ssfmonm.sys
[2010/07/28 13:13:40 | 000,024,496 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\sshrmd.sys
[2010/07/28 13:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2010/07/28 13:11:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
[2010/07/28 13:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2010/07/28 13:11:34 | 000,000,000 | ---D | C] -- C:\Users\bin\AppData\Local\PackageAware
[2010/07/18 09:00:04 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/07/18 09:00:04 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/07/18 09:00:04 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

========== Files - Modified Within 30 Days ==========

[2010/08/14 17:18:10 | 003,670,016 | -HS- | M] () -- C:\Users\bin\ntuser.dat
[2010/08/14 17:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525388558-3831463980-1619435110-1000UA.job
[2010/08/14 17:06:11 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/08/14 15:58:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 15:58:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 14:18:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3525388558-3831463980-1619435110-1000Core.job
[2010/08/14 04:01:21 | 000,000,387 | ---- | M] () -- C:\Windows\win.ini
[2010/08/14 03:58:50 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbin.job
[2010/08/14 03:58:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/14 03:58:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/14 03:57:51 | 000,489,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/14 03:57:29 | 2137,382,912 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/14 03:55:38 | 000,524,288 | -HS- | M] () -- C:\Users\bin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 03:55:38 | 000,065,536 | -HS- | M] () -- C:\Users\bin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/14 03:55:31 | 004,173,135 | -H-- | M] () -- C:\Users\bin\AppData\Local\IconCache.db
[2010/08/11 18:26:31 | 000,023,404 | ---- | M] () -- C:\Users\bin\Desktop\ag_100300sportsmed_stretch1-BB.gif
[2010/08/10 11:08:35 | 000,144,992 | ---- | M] () -- C:\Users\bin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/10 10:38:47 | 000,001,028 | ---- | M] () -- C:\Users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/08/10 10:31:01 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/10 10:31:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/10 10:31:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/08/10 10:31:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/09 14:34:20 | 000,088,714 | ---- | M] () -- C:\Users\bin\Desktop\Back.tif
[2010/08/09 14:33:57 | 000,088,714 | ---- | M] () -- C:\Users\bin\Documents\Back.tif
[2010/08/09 14:33:39 | 000,239,040 | ---- | M] () -- C:\Users\bin\Desktop\Front.tif
[2010/08/09 13:46:20 | 000,040,448 | ---- | M] () -- C:\Users\bin\Desktop\WeeklyMeetingDraft.doc
[2010/08/06 15:03:04 | 000,000,000 | ---- | M] () -- C:\Users\bin\defogger_reenable
[2010/08/06 10:25:22 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/06 10:25:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/06 02:21:58 | 006,295,922 | ---- | M] () -- C:\Users\bin\Desktop\Adam_Lambert_-_Whataya_Want_From_Me.mp3
[2010/08/04 18:56:48 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/04 18:03:41 | 000,056,320 | RHS- | M] () -- C:\Users\bin\AppData\Roaming\igfxrrusd.dll
[2010/08/04 16:29:55 | 000,260,909 | ---- | M] () -- C:\Users\bin\Desktop\Untitled.wma
[2010/07/25 09:58:07 | 000,087,923 | ---- | M] () -- C:\Users\bin\Desktop\RenewFBname.pdf
[2010/07/19 09:52:26 | 000,028,176 | ---- | M] () -- C:\Windows\System32\wrLZMA.dll
[2010/07/19 09:52:22 | 000,015,224 | ---- | M] () -- C:\Windows\System32\SsiEfr.exe

========== Files Created - No Company Name ==========

[2010/08/11 18:26:30 | 000,023,404 | ---- | C] () -- C:\Users\bin\Desktop\ag_100300sportsmed_stretch1-BB.gif
[2010/08/10 10:38:47 | 000,001,028 | ---- | C] () -- C:\Users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/08/10 10:12:17 | 000,090,920 | ---- | C] () -- C:\Windows\System32\custmon32.dll
[2010/08/09 14:33:57 | 000,088,714 | ---- | C] () -- C:\Users\bin\Documents\Back.tif
[2010/08/09 14:26:20 | 000,088,714 | ---- | C] () -- C:\Users\bin\Desktop\Back.tif
[2010/08/09 14:16:33 | 000,239,040 | ---- | C] () -- C:\Users\bin\Desktop\Front.tif
[2010/08/09 13:34:12 | 000,040,448 | ---- | C] () -- C:\Users\bin\Desktop\WeeklyMeetingDraft.doc
[2010/08/06 15:03:04 | 000,000,000 | ---- | C] () -- C:\Users\bin\defogger_reenable
[2010/08/06 13:46:24 | 000,293,376 | ---- | C] () -- C:\Users\bin\Desktop\gmer.exe
[2010/08/06 13:29:08 | 2137,382,912 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/06 10:10:02 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/06 10:10:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/06 10:10:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/06 10:10:02 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/06 10:10:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/06 01:56:44 | 006,295,922 | ---- | C] () -- C:\Users\bin\Desktop\Adam_Lambert_-_Whataya_Want_From_Me.mp3
[2010/08/04 18:56:48 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/04 18:03:41 | 000,056,320 | RHS- | C] () -- C:\Users\bin\AppData\Roaming\igfxrrusd.dll
[2010/08/04 16:29:08 | 000,260,909 | ---- | C] () -- C:\Users\bin\Desktop\Untitled.wma
[2010/07/28 13:13:40 | 000,028,176 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/07/28 13:13:40 | 000,015,224 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2010/07/25 09:58:01 | 000,087,923 | ---- | C] () -- C:\Users\bin\Desktop\RenewFBname.pdf
[2010/03/22 11:52:16 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2009/12/02 19:57:55 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/10 16:43:46 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/08/07 19:23:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/26 03:04:59 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/26 03:04:59 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/12 11:50:46 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/04 23:56:10 | 000,000,444 | ---- | C] () -- C:\Windows\{5D946D0D-9437-4E15-AC1F-F9BCF0B32561}_WiseFW.ini
[2008/01/17 18:37:39 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/06/21 13:55:54 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/03/30 05:27:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/03/30 04:55:46 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/02/27 13:43:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/07 05:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/08/06 09:54:27 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\Azureus
[2010/08/10 10:09:56 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\CTdeveloping
[2010/04/12 10:05:53 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\FreeBurner
[2010/03/22 13:38:59 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\ImgBurn
[2010/02/27 00:32:18 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\LimeWire
[2007/12/09 23:45:52 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\Megaupload
[2008/01/14 18:16:00 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\MegauploadToolbar
[2009/08/06 16:05:45 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\muvee Technologies
[2010/08/10 10:37:48 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\OpenOffice.org
[2009/09/11 23:59:46 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\rockbox.org
[2008/11/27 03:22:44 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\SanDisk
[2007/11/19 11:14:06 | 000,000,000 | ---D | M] -- C:\Users\bin\AppData\Roaming\Template
[2010/01/28 13:24:27 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2010/08/14 03:56:22 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/08/18 00:34:41 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/08/06 10:30:12 | 000,022,399 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/11/01 10:32:53 | 000,000,170 | ---- | M] () -- C:\Driver.log
[2010/08/14 03:57:29 | 2137,382,912 | -HS- | M] () -- C:\hiberfil.sys
[2008/02/04 23:56:57 | 000,000,170 | ---- | M] () -- C:\logfile.dat
[2002/01/05 03:38:38 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\msvci70.dll
[2010/08/14 03:57:28 | 2451,165,184 | -HS- | M] () -- C:\pagefile.sys
[2008/06/12 21:00:16 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 23:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 23:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2010/07/19 09:52:26 | 000,028,176 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/01 19:00:04 | 000,016,744 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys
[2010/06/04 11:55:40 | 000,224,240 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdGuard.sys
[2010/06/01 19:00:06 | 000,030,112 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2010/06/01 19:00:06 | 000,075,944 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2010/06/18 08:04:57 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2010/06/18 08:04:44 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2010/06/17 14:49:10 | 000,045,072 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\ssfmonm.sys
[2010/06/17 14:49:10 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\sshrmd.sys
[2010/06/17 14:49:10 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\ssidrv.sys
[2010/06/16 09:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/12/29 10:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2008/01/19 00:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\BetUSPoker:MID
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:A6CD15C3
< End of report >


#4 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender: Male
  • Location: Florida
  • Local time: 09:44 AM

Posted 15 August 2010 - 07:10 AM

Please delete your version of ComboFix if you still have it and do the following:
Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 bint

  • Topic Starter
  • Members
  • 13 posts
  • Local time: 06:44 AM

Posted 15 August 2010 - 12:43 PM

Hi,

I cannot disable Avira... I turned it off but it says the active scan is still running. I tried using Task Manager but it won't allow me. Can I run ComboFix in Safe Mode? Or how can I disable Avira?

Thanks a lot for your help.

#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender: Male
  • Location: Florida
  • Local time: 09:44 AM

Posted 15 August 2010 - 02:03 PM

Temporarily uninstall it, then reboot.

#7 bint

  • Topic Starter
  • Members
  • 13 posts
  • Local time: 06:44 AM

Posted 15 August 2010 - 05:30 PM

Here is the combofix log. Thanks.

ComboFix 10-08-14.06 - bin 08/15/2010 14:40:15.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.851 [GMT -7:00]
Running from: c:\users\bin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 21:55 . 2010-08-15 21:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-15 21:55 . 2010-08-15 21:55 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-15 21:55 . 2010-08-15 21:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-13 16:51 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-13 16:51 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-13 16:51 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-13 16:50 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-13 16:50 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-13 16:50 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-13 16:49 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-13 16:49 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-13 16:49 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-13 16:49 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-13 16:49 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-13 16:49 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-10 17:38 . 2010-08-10 17:38 568832 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-08-10 17:38 . 2010-08-10 17:38 686080 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-08-10 17:38 . 2010-08-10 17:38 655872 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-08-10 17:38 . 2010-08-10 17:38 583168 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-08-10 17:38 . 2010-08-10 17:38 224768 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-08-10 17:37 . 2010-08-10 17:37 1 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-10 17:37 . 2010-08-10 17:37 -------- d-----w- c:\users\bin\AppData\Roaming\OpenOffice.org
2010-08-10 17:32 . 2010-08-10 17:32 -------- d-----w- c:\program files\JRE
2010-08-10 17:32 . 2010-08-10 17:32 -------- d-----w- c:\program files\OpenOffice.org 3
2010-08-10 17:31 . 2010-08-10 17:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 17:19 . 2010-08-10 17:19 -------- d-----w- C:\Restoration
2010-08-10 17:12 . 2010-06-22 17:57 90920 ----a-w- c:\windows\system32\custmon32.dll
2010-08-10 17:11 . 2010-08-10 17:13 -------- d-----w- c:\program files\PDFtypewriter
2010-08-10 17:11 . 2010-08-10 17:11 -------- d-----w- c:\programdata\CTdeveloping
2010-08-10 17:09 . 2010-08-10 17:09 -------- d-----w- c:\users\bin\AppData\Roaming\CTdeveloping
2010-08-07 16:33 . 2010-08-15 21:25 -------- d-----w- c:\program files\Everything
2010-08-06 23:58 . 2010-08-06 23:58 -------- d-----w- c:\windows\Sun
2010-08-06 18:22 . 2010-08-06 18:22 -------- d-----w- c:\program files\Trend Micro
2010-08-06 16:52 . 2010-08-06 16:53 -------- d-----w- c:\program files\CCleaner
2010-08-06 07:16 . 2010-08-06 07:16 -------- d-----w- c:\program files\iPod
2010-08-06 07:16 . 2010-08-06 07:17 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-06 07:16 . 2010-08-06 07:17 -------- d-----w- c:\program files\iTunes
2010-08-06 07:10 . 2010-08-06 07:10 -------- d-----w- c:\program files\Apple Software Update
2010-08-06 07:07 . 2010-08-06 07:07 -------- d-----w- c:\program files\Bonjour
2010-08-05 16:58 . 2010-08-05 17:00 -------- d-----w- c:\programdata\COMODO
2010-08-05 16:54 . 2010-08-05 16:54 -------- d-----w- c:\program files\COMODO
2010-08-05 16:48 . 2010-08-05 16:50 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-05 01:03 . 2010-08-05 01:03 56320 --sha-r- c:\users\bin\AppData\Roaming\igfxrrusd.dll
2010-08-05 01:03 . 2010-08-05 01:36 -------- d-----w- c:\users\bin\AppData\Local\lmgdcxypy
2010-08-05 01:02 . 2010-08-05 01:03 -------- d-----w- c:\programdata\Update
2010-08-02 22:54 . 2010-08-02 22:54 -------- d-----w- c:\users\bin\AppData\Local\Microsoft Corporation
2010-08-02 22:53 . 2010-08-02 22:53 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-07-28 20:13 . 2010-06-17 21:49 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-07-28 20:13 . 2010-06-17 21:49 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-07-28 20:13 . 2010-06-17 21:49 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-07-28 20:11 . 2010-07-19 19:06 3198000 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\WRInstall.exe
2010-07-28 20:11 . 2010-07-28 20:11 -------- d-----w- c:\program files\Webroot
2010-07-28 20:11 . 2010-07-28 20:11 -------- dc-h--w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
2010-07-28 20:11 . 2010-08-15 21:51 -------- d-----w- c:\programdata\Webroot
2010-07-28 20:11 . 2010-07-28 20:11 -------- d-----w- c:\users\bin\AppData\Local\PackageAware
2010-07-28 20:11 . 2010-07-19 19:04 383368 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\54E229FA\DE0A17F3\WRInstallProgressHelper.dll
2010-07-28 20:11 . 2010-07-19 19:04 433072 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\FA6F4296\DE0A17F3\WRSvcAssist.exe
2010-07-28 20:11 . 2010-07-19 19:03 1266336 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\B2785152\DE0A17F3\WRTray.exe
2010-07-28 20:11 . 2010-07-19 19:01 50984 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\C3BEFA\DE0A17F3\WRConsumerServicePS.dll
2010-07-28 20:11 . 2010-07-19 18:59 3019672 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\E3131F5C\DE0A17F3\WRConsumerService.exe
2010-07-28 20:11 . 2010-07-19 18:53 121856 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\EA369C90\DE0A17F3\xmllite.dll
2010-07-28 20:11 . 2009-07-02 01:51 101888 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll
2010-07-21 23:30 . 2010-07-21 23:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-18 16:00 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-18 16:00 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-18 16:00 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-18 16:00 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-18 16:00 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 11:14 . 2007-11-26 18:30 -------- d-----w- c:\program files\Google
2010-08-14 10:03 . 2007-08-18 07:10 -------- d-----w- c:\programdata\Microsoft Help
2010-08-10 18:08 . 2007-11-14 02:45 144992 ----a-w- c:\users\bin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-10 17:31 . 2007-08-18 07:54 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 16:54 . 2007-11-17 18:02 -------- d-----w- c:\users\bin\AppData\Roaming\Azureus
2010-08-06 07:16 . 2010-02-08 16:08 -------- d-----w- c:\program files\Common Files\Apple
2010-08-06 07:13 . 2010-02-08 16:11 -------- d-----w- c:\program files\QuickTime
2010-07-28 22:20 . 2010-02-27 07:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 22:02 . 2007-08-18 06:20 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-17 23:29 . 2009-11-21 17:27 -------- d-----w- c:\users\bin\AppData\Roaming\HpUpdate
2010-06-04 18:55 . 2010-06-04 18:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-02 02:00 . 2010-06-02 02:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-02 02:00 . 2010-06-02 02:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-02 02:00 . 2010-06-02 02:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-02 02:00 . 2010-06-02 02:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-26 22:24 . 2010-05-25 06:54 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-26 17:06 . 2010-06-10 17:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 17:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-03 16:27 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:35 . 2010-05-18 23:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:35 . 2010-05-18 23:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 23:35 . 2010-05-18 23:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\bin\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-30 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"FlyMonitor"="c:\program files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2007-11-15 669000]
"PS121v2"="c:\program files\NETGEAR\PS121v2\PS121v2.exe" [2006-08-25 724992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2010-07-19 1266336]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-02 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^bin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^bin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^bin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 09:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HANAQ]
2010-08-05 01:03 56320 --sha-r- c:\users\bin\AppData\Roaming\igfxrrusd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPUPTV]
2009-07-01 22:40 692224 ----a-w- c:\program files\ASUS\PopupTV\ExpressTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-09-12 06:51 79872 ----a-w- c:\users\bin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-11-12 23:48 21760296 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2009-07-15 20:11 230632 ------w- c:\program files\CyberLink\TV Enhance\TVEService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPSKEYS]
2003-03-29 18:52 102400 ----a-w- c:\program files\Vpskeys\VPSKEYS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 00:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):38,4c,b4,83,4e,1f,ca,01

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-09-05 19456]
R3 MicFxBas;U3100mini DRXUSB Driver;c:\windows\system32\DRIVERS\MicFxBas.sys [2008-02-20 27904]
R3 MicNgCap;U3100mini Audio/Video Capture Driver;c:\windows\system32\DRIVERS\MicNgCap.sys [2008-02-20 74112]
R3 MicNgTun;U3100mini Tuner Driver;c:\windows\system32\DRIVERS\MicNgTun.sys [2008-02-20 311424]
R3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\DRIVERS\NETGEARUCOMP.sys [2006-08-17 11648]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-21 42512]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-02 30112]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2010-06-17 45072]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-07-15 386400]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-07-15 202080]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-07-19 3019672]
S3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2006-08-17 10752]
S3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2006-08-17 37120]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 01:56]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525388558-3831463980-1619435110-1000Core.job
- c:\users\bin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 23:07]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525388558-3831463980-1619435110-1000UA.job
- c:\users\bin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 23:07]

2010-08-14 c:\windows\Tasks\HPCeeScheduleForbin.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-18 21:23]

2010-01-28 c:\windows\Tasks\Install_NSS.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-01-28 07:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\bin\AppData\Roaming\Mozilla\Firefox\Profiles\2lxn8dg1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\bin\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 14:55
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-15 15:00:23
ComboFix-quarantined-files.txt 2010-08-15 22:00

Pre-Run: 36,509,519,872 bytes free
Post-Run: 36,616,491,008 bytes free

- - End Of File - - 0688C3A7B4958C723056E7661BFCF24F

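A triage aid for the ComboFix log posted above, added here as an example and not part of ComboFix, of the thread, or of any poster's advice. It parses the "Files Created" listing format seen in the log (created time, modified time, size or "--------" for directories, an 8-character attribute field, path) and applies two heuristics that are my own assumptions, not ComboFix logic: a file carrying both the system and hidden attributes under a user-writable profile path (AppData, ProgramData) is set aside for review, and anything created within a few minutes of it is listed alongside it, since droppers tend to write several artifacts in one burst. The sample lines are a constructed subset copied from the log; the output is a list for review, not a verdict on any file.

```python
"""Triage helper for ComboFix 'Files Created' listings (added example).

Listing line shape:  <created> . <modified> <size|--------> <attrs> <path>
<attrs> is 8 characters: 'd' directory, 'c' compressed, 's' system,
'h' hidden, 'a' archive, 'r'/'w' read-only/writable.
Heuristics below are assumptions by the example's author, not ComboFix logic.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
2010-08-13 16:50 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-05 16:54 . 2010-08-05 16:54 -------- d-----w- c:\program files\COMODO
2010-08-05 01:03 . 2010-08-05 01:03 56320 --sha-r- c:\users\bin\AppData\Roaming\igfxrrusd.dll
2010-08-05 01:03 . 2010-08-05 01:36 -------- d-----w- c:\users\bin\AppData\Local\lmgdcxypy
2010-08-05 01:02 . 2010-08-05 01:03 -------- d-----w- c:\programdata\Update
2010-07-28 20:11 . 2010-07-28 20:11 -------- dc-h--w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
2010-07-18 16:00 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
TIME_FMT = "%Y-%m-%d %H:%M"

# Locations a standard user (and so any code running as that user) can write to.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories ('--------')
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden_and_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs

    @property
    def in_user_writable_location(self) -> bool:
        p = self.path.lower()
        return any(marker in p for marker in USER_WRITABLE_MARKERS)


def parse_entries(text: str) -> List[Entry]:
    """Parse every line matching the listing format; ignore headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["created"], TIME_FMT),
            modified=datetime.strptime(m["modified"], TIME_FMT),
            size=size, attrs=m["attrs"], path=m["path"],
        ))
    return entries


def flag_hidden_system(entries: List[Entry]) -> List[Entry]:
    """Files (not directories) marked hidden+system under a user-writable path.

    Legitimate hidden+system files live under the Windows directory; a DLL
    with those attributes in AppData is unusual enough to deserve a look.
    """
    return [e for e in entries
            if not e.is_dir and e.hidden_and_system and e.in_user_writable_location]


def created_near(entries: List[Entry], anchor: Entry, window_minutes: int = 5) -> List[Entry]:
    """Other entries created within +/- window_minutes of the anchor, oldest first."""
    window = timedelta(minutes=window_minutes)
    near = [e for e in entries
            if e is not anchor and abs(e.created - anchor.created) <= window]
    return sorted(near, key=lambda e: (e.created, e.path))


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for hit in flag_hidden_system(parsed):
        print(f"REVIEW  {hit.attrs}  {hit.size:>8}  {hit.path}")
        for e in created_near(parsed, hit):
            print(f"   near {e.created:%Y-%m-%d %H:%M}  {e.attrs}  {e.path}")
```

Run against the full log rather than the sample to get the complete candidate set; the hidden Webroot GUID directory in ProgramData is deliberately not flagged because it lacks the system attribute and is a directory, which is why the heuristic keys on both bits together rather than on "hidden" alone.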

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 15 August 2010 - 07:17 PM

Please submit the following file to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then Submit.)

C:\Windows\System32\wrLZMA.dll

This will produce a report after the scan is complete, please copy and paste those results in your next post.

#9 bint

bint
  • Topic Starter

  • Members
  • 13 posts

Posted 16 August 2010 - 02:36 PM

Hi,
I cannot upload the file C:\Windows\System32\wrLZMA.dll. It says I do have permission to open the file. I have tried uploading it with both my user-created Admin account and the Vista hidden admin account. I have also disabled User Account Control and allowed full permissions to the file via Properties - Security. Please help. Thanks.

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 16 August 2010 - 06:12 PM

1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
http://www.bleepingcomputer.com/forums/t/337778/infected-with-something/?p=1890471

Suspect::
C:\Windows\System32\wrLZMA.dll


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. During this run ComboFix will collect and automatically upload some sample files.
You will see it say ComboFix needs to upload some samples.
If it fails to do that, do the requested steps at the bottom of this post to manually upload the samples.

6. After reboot (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt
===========
Note::
If Combofix fails to upload anything please do the following:
Go to Start > My Computer > C:\
Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.


#11 bint

bint
  • Topic Starter

  • Members
  • 13 posts

Posted 16 August 2010 - 08:39 PM

Hi,
I manually submitted the requested zip file. Here is the combofix.txt log. Thanks.

ComboFix 10-08-14.06 - bin 08/16/2010 17:18:30.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.850 [GMT -7:00]
Running from: c:\users\bin\Desktop\ComboFix.exe
Command switches used :: c:\users\bin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\System32\wrLZMA.dll
.

((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 00:32 . 2010-08-17 00:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-17 00:32 . 2010-08-17 00:32 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-17 00:32 . 2010-08-17 00:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 00:32 . 2010-08-17 00:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-16 19:24 . 2010-08-16 19:24 0 ----a-w- c:\windows\nsreg.dat
2010-08-16 19:24 . 2010-08-16 19:24 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2010-08-16 19:24 . 2010-08-16 19:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Intel Corporation
2010-08-16 19:24 . 2010-08-16 19:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2010-08-16 19:24 . 2010-08-16 22:02 -------- d-----w- c:\users\Administrator\AppData\Local\QuickPlay
2010-08-16 19:24 . 2010-08-16 19:24 144992 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-13 16:51 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-13 16:51 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-13 16:51 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-13 16:50 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-13 16:50 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-13 16:50 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-13 16:49 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-13 16:49 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-13 16:49 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-13 16:49 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-13 16:49 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-13 16:49 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-10 17:38 . 2010-08-10 17:38 568832 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-08-10 17:38 . 2010-08-10 17:38 686080 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-08-10 17:38 . 2010-08-10 17:38 655872 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-08-10 17:38 . 2010-08-10 17:38 583168 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-08-10 17:38 . 2010-08-10 17:38 224768 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-08-10 17:37 . 2010-08-10 17:37 1 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-10 17:37 . 2010-08-10 17:37 -------- d-----w- c:\users\bin\AppData\Roaming\OpenOffice.org
2010-08-10 17:32 . 2010-08-10 17:32 -------- d-----w- c:\program files\JRE
2010-08-10 17:32 . 2010-08-10 17:32 -------- d-----w- c:\program files\OpenOffice.org 3
2010-08-10 17:31 . 2010-08-10 17:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 17:19 . 2010-08-10 17:19 -------- d-----w- C:\Restoration
2010-08-10 17:12 . 2010-06-22 17:57 90920 ----a-w- c:\windows\system32\custmon32.dll
2010-08-10 17:11 . 2010-08-10 17:13 -------- d-----w- c:\program files\PDFtypewriter
2010-08-10 17:11 . 2010-08-10 17:11 -------- d-----w- c:\programdata\CTdeveloping
2010-08-10 17:09 . 2010-08-10 17:09 -------- d-----w- c:\users\bin\AppData\Roaming\CTdeveloping
2010-08-07 16:33 . 2010-08-15 21:25 -------- d-----w- c:\program files\Everything
2010-08-06 23:58 . 2010-08-06 23:58 -------- d-----w- c:\windows\Sun
2010-08-06 18:22 . 2010-08-06 18:22 -------- d-----w- c:\program files\Trend Micro
2010-08-06 16:52 . 2010-08-06 16:53 -------- d-----w- c:\program files\CCleaner
2010-08-06 07:16 . 2010-08-06 07:16 -------- d-----w- c:\program files\iPod
2010-08-06 07:16 . 2010-08-06 07:17 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-06 07:16 . 2010-08-06 07:17 -------- d-----w- c:\program files\iTunes
2010-08-06 07:10 . 2010-08-06 07:10 -------- d-----w- c:\program files\Apple Software Update
2010-08-06 07:07 . 2010-08-06 07:07 -------- d-----w- c:\program files\Bonjour
2010-08-05 16:58 . 2010-08-05 17:00 -------- d-----w- c:\programdata\COMODO
2010-08-05 16:54 . 2010-08-05 16:54 -------- d-----w- c:\program files\COMODO
2010-08-05 16:48 . 2010-08-05 16:50 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-05 01:03 . 2010-08-05 01:03 56320 --sha-r- c:\users\bin\AppData\Roaming\igfxrrusd.dll
2010-08-05 01:03 . 2010-08-05 01:36 -------- d-----w- c:\users\bin\AppData\Local\lmgdcxypy
2010-08-05 01:02 . 2010-08-05 01:03 -------- d-----w- c:\programdata\Update
2010-08-02 22:54 . 2010-08-02 22:54 -------- d-----w- c:\users\bin\AppData\Local\Microsoft Corporation
2010-08-02 22:53 . 2010-08-02 22:53 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-07-28 20:13 . 2010-06-17 21:49 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-07-28 20:13 . 2010-06-17 21:49 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-07-28 20:13 . 2010-06-17 21:49 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-07-28 20:11 . 2010-07-19 19:06 3198000 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\WRInstall.exe
2010-07-28 20:11 . 2010-07-28 20:11 -------- d-----w- c:\program files\Webroot
2010-07-28 20:11 . 2010-07-28 20:11 -------- dc-h--w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
2010-07-28 20:11 . 2010-08-16 19:18 -------- d-----w- c:\programdata\Webroot
2010-07-28 20:11 . 2010-07-28 20:11 -------- d-----w- c:\users\bin\AppData\Local\PackageAware
2010-07-28 20:11 . 2010-07-19 19:04 383368 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\54E229FA\DE0A17F3\WRInstallProgressHelper.dll
2010-07-28 20:11 . 2010-07-19 19:04 433072 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\FA6F4296\DE0A17F3\WRSvcAssist.exe
2010-07-28 20:11 . 2010-07-19 19:03 1266336 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\B2785152\DE0A17F3\WRTray.exe
2010-07-28 20:11 . 2010-07-19 19:01 50984 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\C3BEFA\DE0A17F3\WRConsumerServicePS.dll
2010-07-28 20:11 . 2010-07-19 18:59 3019672 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\E3131F5C\DE0A17F3\WRConsumerService.exe
2010-07-28 20:11 . 2010-07-19 18:53 121856 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\EA369C90\DE0A17F3\xmllite.dll
2010-07-28 20:11 . 2009-07-02 01:51 101888 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll
2010-07-21 23:30 . 2010-07-21 23:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-18 16:00 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-18 16:00 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-18 16:00 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-07-18 16:00 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-18 16:00 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 20:52 . 2010-08-16 19:23 144992 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-16 19:24 . 2010-08-16 19:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\ArcSoft
2010-08-15 22:56 . 2007-11-26 18:30 -------- d-----w- c:\program files\Google
2010-08-14 10:03 . 2007-08-18 07:10 -------- d-----w- c:\programdata\Microsoft Help
2010-08-10 18:08 . 2007-11-14 02:45 144992 ----a-w- c:\users\bin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-10 17:31 . 2007-08-18 07:54 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 16:54 . 2007-11-17 18:02 -------- d-----w- c:\users\bin\AppData\Roaming\Azureus
2010-08-06 07:16 . 2010-02-08 16:08 -------- d-----w- c:\program files\Common Files\Apple
2010-08-06 07:13 . 2010-02-08 16:11 -------- d-----w- c:\program files\QuickTime
2010-07-28 22:20 . 2010-02-27 07:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 22:02 . 2007-08-18 06:20 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-17 23:29 . 2009-11-21 17:27 -------- d-----w- c:\users\bin\AppData\Roaming\HpUpdate
2010-06-04 18:55 . 2010-06-04 18:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-02 02:00 . 2010-06-02 02:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-02 02:00 . 2010-06-02 02:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-02 02:00 . 2010-06-02 02:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-02 02:00 . 2010-06-02 02:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-26 22:24 . 2010-05-25 06:54 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-26 17:06 . 2010-06-10 17:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 17:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-03 16:27 221568 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\bin\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-30 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"FlyMonitor"="c:\program files\Leapfrog\FlyWorld\bin\FlyMonitor.exe" [2007-11-15 669000]
"PS121v2"="c:\program files\NETGEAR\PS121v2\PS121v2.exe" [2006-08-25 724992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2010-07-19 1266336]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-02 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^bin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^bin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^bin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 09:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HANAQ]
2010-08-05 01:03 56320 --sha-r- c:\users\bin\AppData\Roaming\igfxrrusd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPUPTV]
2009-07-01 22:40 692224 ----a-w- c:\program files\ASUS\PopupTV\ExpressTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-09-12 06:51 79872 ----a-w- c:\users\bin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-11-12 23:48 21760296 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2009-07-15 20:11 230632 ------w- c:\program files\CyberLink\TV Enhance\TVEService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPSKEYS]
2003-03-29 18:52 102400 ----a-w- c:\program files\Vpskeys\VPSKEYS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 00:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:38,4c,b4,83,4e,1f,ca,01

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-09-05 19456]
R3 MicFxBas;U3100mini DRXUSB Driver;c:\windows\system32\DRIVERS\MicFxBas.sys [2008-02-20 27904]
R3 MicNgCap;U3100mini Audio/Video Capture Driver;c:\windows\system32\DRIVERS\MicNgCap.sys [2008-02-20 74112]
R3 MicNgTun;U3100mini Tuner Driver;c:\windows\system32\DRIVERS\MicNgTun.sys [2008-02-20 311424]
R3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\DRIVERS\NETGEARUCOMP.sys [2006-08-17 11648]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-21 42512]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-02 30112]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2010-06-17 45072]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-07-15 386400]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-07-15 202080]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-07-19 3019672]
S3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2006-08-17 10752]
S3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2006-08-17 37120]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 01:56]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525388558-3831463980-1619435110-1000Core.job
- c:\users\bin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 23:07]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525388558-3831463980-1619435110-1000UA.job
- c:\users\bin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 23:07]

2010-08-16 c:\windows\Tasks\HPCeeScheduleForbin.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-18 21:23]

2010-01-28 c:\windows\Tasks\Install_NSS.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-01-28 07:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\bin\AppData\Roaming\Mozilla\Firefox\Profiles\2lxn8dg1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\bin\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 17:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-16 17:36:50
ComboFix-quarantined-files.txt 2010-08-17 00:36
ComboFix2.txt 2010-08-15 22:00

Pre-Run: 36,515,254,272 bytes free
Post-Run: 36,482,838,528 bytes free

- - End Of File - - CE84E7973DB4C1DCB4728D854DCD964B


#12 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 17 August 2010 - 06:25 AM

OK, that file is a part of Spy Sweeper.
One more file is suspect to me; other than that, the logs are clean.

Please submit the following file to one of these online file scanners.
(All you have to do is copy and paste the file path into the box when you click on Browse; once you have done that, click on the Open button, then Submit.)

C:\Users\bin\AppData\Roaming\igfxrrusd.dll

This will produce a report after the scan is complete; please copy and paste those results in your next post.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#13 bint

  • Topic Starter
  • Members
  • 13 posts

Posted 17 August 2010 - 11:16 AM

Hi, I cannot upload that file. Weird.
Can I do the same thing as last time? Thanks.

---------------------------
1. Please open Notepad

* Click Start , then Run
* type in notepad in the Run Box then hit ok.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
http://www.bleepingcomputer.com/forums/top...ml#entry1890471

Suspect::
C:\Users\bin\AppData\Roaming\igfxrrusd.dll

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. During this run Combofix will collect and automatically upload some sample files.
You will see it say Combofix needs to upload some samples.
If it fails to do that, do the requested steps at the bottom of this post to manually upload the samples.

6. After reboot (in case it asks to reboot), please post the following report/log into your next reply:

* Combofix.txt

===========
Note::
If Combofix fails to upload anything please do the following:
Go to Start > My Computer > C:\
Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.

Edited by bint, 17 August 2010 - 11:54 AM.


#14 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 17 August 2010 - 01:11 PM

Yes.


#15 bint

  • Topic Starter
  • Members
  • 13 posts

Posted 17 August 2010 - 02:06 PM

Hi, the submit.zip was uploaded automatically this time. Here is the combofix.txt log. Thanks.

ComboFix 10-08-14.06 - bin 08/17/2010 11:36:23.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1012 [GMT -7:00]
Running from: c:\users\bin\Desktop\ComboFix.exe
Command switches used :: c:\users\bin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\users\bin\AppData\Roaming\igfxrrusd.dll
.

((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 18:51 . 2010-08-17 18:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-17 18:51 . 2010-08-17 18:51 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-08-17 18:51 . 2010-08-17 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 18:51 . 2010-08-17 18:51 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-08-17 18:13 . 2010-08-17 18:13 -------- d-----w- c:\users\bin\AppData\Roaming\FFSJ
2010-08-17 18:11 . 2010-08-17 18:11 -------- d-----w- c:\windows\system32\FFSJ
2010-08-17 18:11 . 2010-08-17 18:11 4147 ----a-w- c:\windows\unins000.dat
2010-08-17 18:11 . 2010-08-17 18:10 794906 ----a-w- c:\windows\unins000.exe
2010-08-17 08:35 . 2010-08-17 08:35 -------- d-----w- c:\users\bin\AppData\Local\Welltek_Software
2010-08-17 08:35 . 2010-08-17 08:35 -------- d-----w- c:\program files\001 File Joiner and Splitter 4.0
2010-08-16 19:24 . 2010-08-16 19:24 0 ----a-w- c:\windows\nsreg.dat
2010-08-16 19:24 . 2010-08-16 19:24 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2010-08-16 19:24 . 2010-08-16 19:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Intel Corporation
2010-08-16 19:24 . 2010-08-16 19:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2010-08-16 19:24 . 2010-08-16 22:02 -------- d-----w- c:\users\Administrator\AppData\Local\QuickPlay
2010-08-16 19:24 . 2010-08-16 19:24 144992 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-08-13 16:51 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-13 16:51 . 2010-06-29 15:47 834048 ----a-w- c:\windows\system32\wininet.dll
2010-08-13 16:51 . 2010-06-28 16:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-08-13 16:50 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-13 16:50 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-13 16:50 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-13 16:49 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-13 16:49 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-13 16:49 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-13 16:49 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-13 16:49 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-13 16:49 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-10 17:38 . 2010-08-10 17:38 568832 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-08-10 17:38 . 2010-08-10 17:38 686080 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-08-10 17:38 . 2010-08-10 17:38 655872 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-08-10 17:38 . 2010-08-10 17:38 583168 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-08-10 17:38 . 2010-08-10 17:38 224768 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\7120.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-08-10 17:37 . 2010-08-10 17:37 1 ----a-w- c:\users\bin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-10 17:37 . 2010-08-10 17:37 -------- d-----w- c:\users\bin\AppData\Roaming\OpenOffice.org
2010-08-10 17:32 . 2010-08-10 17:32 -------- d-----w- c:\program files\JRE
2010-08-10 17:32 . 2010-08-10 17:32 -------- d-----w- c:\program files\OpenOffice.org 3
2010-08-10 17:31 . 2010-08-10 17:31 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-10 17:19 . 2010-08-10 17:19 -------- d-----w- C:\Restoration
2010-08-10 17:12 . 2010-06-22 17:57 90920 ----a-w- c:\windows\system32\custmon32.dll
2010-08-10 17:11 . 2010-08-10 17:13 -------- d-----w- c:\program files\PDFtypewriter
2010-08-10 17:11 . 2010-08-10 17:11 -------- d-----w- c:\programdata\CTdeveloping
2010-08-10 17:09 . 2010-08-10 17:09 -------- d-----w- c:\users\bin\AppData\Roaming\CTdeveloping
2010-08-07 16:33 . 2010-08-17 08:34 -------- d-----w- c:\program files\Everything
2010-08-06 23:58 . 2010-08-06 23:58 -------- d-----w- c:\windows\Sun
2010-08-06 18:22 . 2010-08-06 18:22 -------- d-----w- c:\program files\Trend Micro
2010-08-06 16:52 . 2010-08-06 16:53 -------- d-----w- c:\program files\CCleaner
2010-08-06 07:16 . 2010-08-06 07:16 -------- d-----w- c:\program files\iPod
2010-08-06 07:16 . 2010-08-06 07:17 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-06 07:16 . 2010-08-06 07:17 -------- d-----w- c:\program files\iTunes
2010-08-06 07:10 . 2010-08-06 07:10 -------- d-----w- c:\program files\Apple Software Update
2010-08-06 07:07 . 2010-08-06 07:07 -------- d-----w- c:\program files\Bonjour
2010-08-05 16:58 . 2010-08-05 17:00 -------- d-----w- c:\programdata\COMODO
2010-08-05 16:54 . 2010-08-05 16:54 -------- d-----w- c:\program files\COMODO
2010-08-05 16:48 . 2010-08-05 16:50 -------- d-----w- c:\programdata\Comodo Downloader
2010-08-05 01:03 . 2010-08-05 01:03 56320 --sha-r- c:\users\bin\AppData\Roaming\igfxrrusd.dll
2010-08-05 01:03 . 2010-08-05 01:36 -------- d-----w- c:\users\bin\AppData\Local\lmgdcxypy
2010-08-05 01:02 . 2010-08-05 01:03 -------- d-----w- c:\programdata\Update
2010-08-02 22:54 . 2010-08-02 22:54 -------- d-----w- c:\users\bin\AppData\Local\Microsoft Corporation
2010-08-02 22:53 . 2010-08-02 22:53 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-07-28 20:13 . 2010-06-17 21:49 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-07-28 20:13 . 2010-06-17 21:49 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-07-28 20:13 . 2010-06-17 21:49 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-07-28 20:11 . 2010-07-19 19:06 3198000 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\WRInstall.exe
2010-07-28 20:11 . 2010-07-28 20:11 -------- d-----w- c:\program files\Webroot
2010-07-28 20:11 . 2010-07-28 20:11 -------- dc-h--w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
2010-07-28 20:11 . 2010-08-17 16:08 -------- d-----w- c:\programdata\Webroot
2010-07-28 20:11 . 2010-07-28 20:11 -------- d-----w- c:\users\bin\AppData\Local\PackageAware
2010-07-28 20:11 . 2010-07-19 19:04 383368 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\54E229FA\DE0A17F3\WRInstallProgressHelper.dll
2010-07-28 20:11 . 2010-07-19 19:04 433072 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\FA6F4296\DE0A17F3\WRSvcAssist.exe
2010-07-28 20:11 . 2010-07-19 19:03 1266336 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\B2785152\DE0A17F3\WRTray.exe
2010-07-28 20:11 . 2010-07-19 19:01 50984 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\C3BEFA\DE0A17F3\WRConsumerServicePS.dll
2010-07-28 20:11 . 2010-07-19 18:59 3019672 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\E3131F5C\DE0A17F3\WRConsumerService.exe
2010-07-28 20:11 . 2010-07-19 18:53 121856 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\EA369C90\DE0A17F3\xmllite.dll
2010-07-28 20:11 . 2009-07-02 01:51 101888 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll
2010-07-21 23:30 . 2010-07-21 23:30 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-17 16:03 . 2007-11-26 18:30 -------- d-----w- c:\program files\Google
2010-08-16 20:52 . 2010-08-16 19:23 144992 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-16 19:24 . 2010-08-16 19:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\ArcSoft
2010-08-14 10:03 . 2007-08-18 07:10 -------- d-----w- c:\programdata\Microsoft Help
2010-08-10 18:08 . 2007-11-14 02:45 144992 ----a-w- c:\users\bin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-10 17:31 . 2007-08-18 07:54 -------- d-----w- c:\program files\Common Files\Java
2010-08-06 16:54 . 2007-11-17 18:02 -------- d-----w- c:\users\bin\AppData\Roaming\Azureus
2010-08-06 07:16 . 2010-02-08 16:08 -------- d-----w- c:\program files\Common Files\Apple
2010-08-06 07:13 . 2010-02-08 16:11 -------- d-----w- c:\program files\QuickTime
2010-07-28 22:20 . 2010-02-27 07:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-26 22:02 . 2007-08-18 06:20 -------- d-----w- c:\program files\Hewlett-Packard
2010-07-17 23:29 . 2009-11-21 17:27 -------- d-----w- c:\users\bin\AppData\Roaming\HpUpdate
2010-06-04 18:55 . 2010-06-04 18:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-02 02:00 . 2010-06-02 02:00 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-02 02:00 . 2010-06-02 02:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-02 02:00 . 2010-06-02 02:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-02 02:00 . 2010-06-02 02:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-05-26 22:24 . 2010-05-25 06:54 18488 ----a-w- c:\windows\Help\OEM\scripts\HPHC_BUY_BATTERY.exe
2010-05-26 17:06 . 2010-06-10 17:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 17:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 21:14 . 2009-10-03 16:27 221568 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\bin\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-30 133104]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"PS121v2"="c:\program files\NETGEAR\PS121v2\PS121v2.exe" [2006-08-25 724992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2010-07-19 1266336]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-02 2039240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^bin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^bin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^bin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\bin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 09:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlyMonitor]
2007-11-15 22:32 669000 ----a-w- c:\program files\LeapFrog\FlyWorld\bin\FLYMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HANAQ]
2010-08-05 01:03 56320 --sha-r- c:\users\bin\AppData\Roaming\igfxrrusd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POPUPTV]
2009-07-01 22:40 692224 ----a-w- c:\program files\ASUS\PopupTV\ExpressTV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2009-09-12 06:51 79872 ----a-w- c:\users\bin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-11-12 23:48 21760296 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2009-07-15 20:11 230632 ------w- c:\program files\CyberLink\TV Enhance\TVEService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPSKEYS]
2003-03-29 18:52 102400 ----a-w- c:\program files\Vpskeys\VPSKEYS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-31 00:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:38,4c,b4,83,4e,1f,ca,01

R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-09-05 19456]
R3 MicFxBas;U3100mini DRXUSB Driver;c:\windows\system32\DRIVERS\MicFxBas.sys [2008-02-20 27904]
R3 MicNgCap;U3100mini Audio/Video Capture Driver;c:\windows\system32\DRIVERS\MicNgCap.sys [2008-02-20 74112]
R3 MicNgTun;U3100mini Tuner Driver;c:\windows\system32\DRIVERS\MicNgTun.sys [2008-02-20 311424]
R3 NETGEARUCOMP;NETGEAR Network USB Composite Device;c:\windows\system32\DRIVERS\NETGEARUCOMP.sys [2006-08-17 11648]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-21 42512]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-02 30112]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2010-06-17 45072]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-07-15 386400]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-07-15 202080]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-07-19 3019672]
S3 NETGEARUHOST;NETGEAR Network USB Host Controller;c:\windows\system32\DRIVERS\NETGEARUHOST.sys [2006-08-17 10752]
S3 NETGEARUHUB;NETGEAR Network USB Root Hub;c:\windows\system32\DRIVERS\NETGEARUHUB.sys [2006-08-17 37120]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 01:56]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525388558-3831463980-1619435110-1000Core.job
- c:\users\bin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 23:07]

2010-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3525388558-3831463980-1619435110-1000UA.job
- c:\users\bin\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-30 23:07]

2010-08-17 c:\windows\Tasks\HPCeeScheduleForbin.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-18 21:23]

2010-01-28 c:\windows\Tasks\Install_NSS.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2010-01-28 07:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\bin\AppData\Roaming\Mozilla\Firefox\Profiles\2lxn8dg1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\bin\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 11:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-17 11:56:24
ComboFix-quarantined-files.txt 2010-08-17 18:56
ComboFix2.txt 2010-08-17 00:36
ComboFix3.txt 2010-08-15 22:00

Pre-Run: 35,068,243,968 bytes free
Post-Run: 35,064,307,712 bytes free

- - End Of File - - B0105CD8556A30ADF39C9ED8E5EADA70
Upload was successful