Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Vista Troubles

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Vista Troubles

Unread postby Carolyn » July 26th, 2008, 4:47 pm

Hello,

Upload files for scanning
I'd like you to check a file/some files for malware.
C:\Qoobox\C\Windows\system32\drivers\Phibtn.exe
C:\Qoobox\C\Windows\system32\drivers\Tray900.exe

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.


Next, right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Please post the following:
  1. The VirusTotal/Jotti results
  2. The Kaspersky log
  3. A fresh HijackThis log
  4. A description of how your computer is behaving.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove

Re: Vista Troubles

Unread postby Carolyn » July 29th, 2008, 10:38 am

It's been a few days. Are you still in need of assistance?
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Vista Troubles

Unread postby Keronadon » August 1st, 2008, 1:37 am

Yes was attempting the last thing you told me to do and it crashed my entire network,I just got it back up a few minutes ago after a few days offline.
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Re: Vista Troubles

Unread postby Keronadon » August 1st, 2008, 1:48 am

When I tried to upload the 2 Qoobox files to Virustotal and Jotti I got pretty much the same error message for both files from both sites:The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Re: Vista Troubles

Unread postby Carolyn » August 1st, 2008, 12:37 pm

Yes was attempting the last thing you told me to do and it crashed my entire network


What part of the instructions caused the crash?


Sorry about the file uploads not working the first time. Please do the following:

Copy the contents of the code box below into a new notepad document (not wordpad).
Click file> save as...> call it upload.bat > file types *all files*> and save it to desktop.

Code: Select all
@zip -q Upload_This_file %systemdrive%\qoobox\quarantine\%systemdrive:~0,1%%systemroot:~2%\system32\drivers\*
Start http://www.bleepingcomputer.com/submit-malware.php?channel=4


Right-click upload.bat and select Run as administrator.

The batch file shall produce a zipped file named Upload_This_file.zip on your desktop.

It will also launch a Web page in your browser:
  • In the first empty box, post the link to this thread. That means copy exactly the address which shows in the address bar.
  • Browse to the file to be uploaded.
  • Then click send and you are done.

Please post a fresh HijackThis log and a description of what caused your network to crash.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Vista Troubles

Unread postby Keronadon » August 1st, 2008, 2:34 pm

When I ran the first Kaspersky online scan I left while it was running,when I came back home the scan had not completed and my network was down.When I got my network back up I ran the Kaspersky scan again and it worked the seconde time.Here are the results of the Kaspersky scan.
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, August 1, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, August 01, 2008 07:43:26
Records in database: 1038821
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 150877
Threat name: 6
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 06:26:27


File name / Threat name / Threats count
C:\Junk\All 3Planesoft 3D Screensavers\tower.exe Infected: Trojan-PSW.Win32.LdPinch.bsj 1
C:\Junk\Space 3D Screensavers All-in-One Collection Incl Serial\3d_space_edition.exe Infected: Trojan-Dropper.Win32.Agent.bfr 1
C:\Program Files\ESET\infected\IHL5OLAA.NQF Infected: not-a-virus:AdWare.Win32.Agent.zk 1
C:\Users\Jeff\Desktop\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
C:\Users\Jeff\Documents\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
C:\Users\Jeff\Documents\Downloads\Nero 8.1.1.0b\Nero-8.1.1.0b_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
C:\Users\Jeff\Shared\SOUND CHOICE - HOKU - ANOTHER DUMB blonde.mp3 Infected: Trojan-Downloader.WMA.Wimad.n 1
C:\Users\Jeff\Shared\Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.l 1

The selected area was scanned.
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Re: Vista Troubles

Unread postby Keronadon » August 1st, 2008, 2:50 pm

Okay the file has been submitted,and here is another HJT scan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:35 PM, on 8/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Jeff\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [auditadmin] C:\windows\options\auditadmin.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8755 bytes
I noticed that Kaspsersky said there was a virus in that 3d planesoft file,I never installed those screensavers on this computer because they are XP screensavers not Vista,problem is that I did install them on anothedr computer on this network. :(
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Re: Vista Troubles

Unread postby Carolyn » August 2nd, 2008, 3:28 pm

Hello,

I noticed that Kaspsersky said there was a virus in that 3d planesoft file,I never installed those screensavers on this computer because they are XP screensavers not Vista,problem is that I did install them on anothedr computer on this network.


The other computers on this network should be checked for malware after we finish cleaning this Vista computer. In the meanwhile, I recommend that you disconnect the other computers from the network, or at least keep them shut down, while we finish cleaning this PC. Once this PC is clean, you should keep it shut down or disconnected from the network until you know that the other computers are clean as well. Otherwise, you risk reinfection.


The Kaspersky Log shows this:

C:\Users\Jeff\Documents\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1

Someone on this system was trying to access cracks or a 'keygen'....this is a certain way to attract malware to your system. 'Keygen' are often associated or loaded with malware, and should be avoided (along with 'cracks' and associated 'crack' sites).

Malware Removal Forum Guidelines and Rules wrote:Any time the helper detects that you may have illegal software on your machine, that helper may stop assisting you immediately until you can demonstrate that you have rectified the situation. We will not support fixing machines with pirated or otherwise illegal software.


The full text of this Forum's guidelines can be found HERE

It does not look like that program is currently installed but...
Before we continue to clean your computer, I have to insist that any illegal software be removed.


In a previous post, I brought up the presence of LimeWire on your computer and asked that you not use P2P programs until your computer is cleaned. This forum's policy has recently changed regarding the presence/use of P2P programs.

Your most recent log shows that uTorrent.exe is installed and running.

Use of P2P (Person to Person) file sharing programs

We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we felt we needed to change our policy on the use of P2P file sharing programs.
  • If your helper detects the presence of such programs on your computer he/she will ask you to remove them. We will withdraw our help should you not agree to their removal.

  • If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we will refuse our help.

We do not ask you to do this without reason.

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.


You have the following P-2-P program(s) installed
LimeWire
uTorrent


This is how you uninstall it/them:

  • Click Start
  • Go to Control Panel
  • Go to Programs and Features
  • Find and click Uninstall for the following (if present):

    LimeWire Pro
    uTorrent

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


After you uninstall all P2P programs and any "cracks" or illegal software, please do the following:

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Right click on HijackThis and click Run as administrator
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.


Please post the HijackThis Uninstall List and a fresh HijackThis log.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Vista Troubles

Unread postby Keronadon » August 3rd, 2008, 2:09 am

Okay,no problem only had utorrent because you guys said it was okay,I let my girlfriend install her Limewire pro because she said she had been using it for years with no problem.I have uninstalled both.Here is the uninstall log.
Sansa Media Converter
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11
AGEIA PhysX v7.09.13
AIM 6
Aim Plugin for QQ Games
AIMTunes
AOL Mail and AIM Gadget
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
Bejeweled 2 Deluxe
Beyond TV DVD Burning Foundation
Beyond TV DVD Burning Foundation
BigFix
Blackhawk Striker 2
Blasterball 3
Business Contact Manager for Outlook 2007 SP1
Business Contact Manager for Outlook 2007 SP1
CDDRV_Installer
City of Villains/City of Heroes (remove only)
Crysis(R) SP Demo
Digital Media Reader
Diner Dash - Flo on the Go
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Dragon NaturallySpeaking 9
Drivers Install For Linksys Easylink Advisor
Exteel
Family Feud 2
FATE
Fax Machine 4.26
Gateway Connect
Gateway Game Console
Gateway Recovery Center Installer
Google Earth
Google Updater
Hellgate: London
HijackThis 2.0.2
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Solution Center 8.0
HP Update
HPSSupply
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
KhalInstallWrapper
Linkit_eBay
Linksys EasyLink Advisor 1.6 (0032)
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.14)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MVision
neroxml
NOD32 antivirus system
NVIDIA Drivers
Penguins!
Philips SPC 900NC PC Camera
PlayNC Launcher
Polar Bowler
Polar Golfer
Power2Go 5.0
PowerISO
Presto! VideoWorks 6 (VCD Version)
QQ Games
QuickTime
Rappelz_USA
RealPlayer
Realtek High Definition Audio Driver
Rhapsody Player Engine
RTC Client API v1.2
Samsung Master
Sansa Updater
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Office 2007 (KB947801)
Security Update for Visio 2007 (KB947590)
Security Update for Visio 2007 (KB947590)
Shades of Truth
SiSoftware Sandra Lite XII.SP2c
SnapStream Beyond TV 4.8.1
SnapStream Firefly Mini 1.0.2
Soft Data Fax Modem with SmartCP
System Requirements Lab
Total Video Converter 3.12 080330
Tradewinds
Uninstall AOL Emergency Connect Utility 1.0
Unreal Tournament 3 Demo
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb953463)
VCRedistSetup
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual Studio 2005 Redist Package
Windows Media Player Firefox Plugin
WinRAR archiver
World of Kaneva V2.0
World of Warcraft
Yahoo! Messenger

Here is the new Hijackthis scan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:03 AM, on 8/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [auditadmin] C:\windows\options\auditadmin.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8819 bytes
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Re: Vista Troubles

Unread postby Carolyn » August 4th, 2008, 3:18 pm

Hello,

Please create and run the following batch file:
  • Open Notepad!
  • Copy and Paste everything from the Quote box into Notepad:

    regedit.exe /s "C:\QooBox\Quarantine\Registry_Backups\HKLM-Run-PhiBtn.reg.dat"
    regedit.exe /s "C:\QooBox\Quarantine\Registry_Backups\HKLM-Run-TrayMin900.reg.dat"

  • Go to File > Save As
  • Save File name as Fix.bat
  • Change Save as Type to All Files and save the file to your desktop.
  • Close Notepad, and right-click Fix.bat and select Run as administrator.
  • Reboot the computer.


Download the latest ComboFix (by sUBs) Do not run it yet, we will use it later.

Please delete ComboFix from your computer and download it again as it's recently been updated.
  • Download this file from one of the three below listed places :
    For information regarding this download, please visit this webpage:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link1
    Link2
    Link3

    **Note: It is important that it is saved directly to your desktop**

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".


Please do the following;
1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
File::
C:\Junk\All 3Planesoft 3D Screensavers\tower.exe
C:\Junk\Space 3D Screensavers All-in-One Collection Incl Serial\3d_space_edition.exe
C:\Users\Jeff\Desktop\Nero-8.2.8.0_eng_trial.exe
C:\Users\Jeff\Documents\Downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe
C:\Users\Jeff\Documents\Downloads\Nero 8.1.1.0b\Nero-8.1.1.0b_eng_trial.exe
C:\Users\Jeff\Shared\SOUND CHOICE - HOKU - ANOTHER DUMB blonde.mp3
C:\Users\Jeff\Shared\Top of Charts - 2003.wma

FCopy::
C:\Qoobox\C\Windows\system32\drivers\Phibtn.exe.vir | C:\Windows\system32\drivers\Phibtn.exe
C:\Qoobox\C\Windows\system32\drivers\Tray900.exe.vir | C:\Windows\system32\drivers\Tray900.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Let's run one more online scan:
  1. Right click on Internet Explorer and select and select Run As Administrator to run it.
  2. Go to http://www.pandasecurity.com/homeusers/solutions/activescan/ to perform a Panda online scan. Please use Internet Explorer as it requires ActiveX.
  3. Click on Scan your PC now.
  4. A new window will open.
  5. Select your country and type in your email address. You may also optionally choose to receive emails from Panda. If you don't wish to, please select I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable. option.
  6. Click on Free online scan.
  7. You will be prompted to install an ActiveX. Please allow it.
  8. Once installed, it will start downloading the virus definitions. Please be patient. This takes a while.
  9. Once the files are downloaded, it will ask you to select what to scan. Select My Computer.
  10. The scan will start. It takes a while, please be patient.
  11. Once done, click on View Report.
  12. You will be brought to another page. Click on Save Report. Save it to your desktop. Please post this report in your next reply.


Please post the following:
  1. The ComboFix log
  2. The Panda log
  3. A fresh HijackThis log
  4. And a description of how your computer is behaving.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Vista Troubles

Unread postby Keronadon » August 5th, 2008, 3:49 am

Sorry it took so long to get back to this but one of the new problems I am experiencing is that my network connection for my comps keeps failing.I cannot figure out if it is the comps being infected with something that causes them to lose the connection with the router or if the router is conking out,it is only about 6 months old.Here is the combofix log.
ComboFix 08-08-04.01 - Jeff 2008-08-05 0:21:20.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2570 [GMT -5:00]
Running from: C:\Users\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Users\Jeff\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Jeff\AppData\Roaming\macromedia\Flash Player\#SharedObjects\PJRTG2BC\interclick.com
C:\Users\Jeff\AppData\Roaming\macromedia\Flash Player\#SharedObjects\PJRTG2BC\interclick.com\ud.sol
C:\Users\Jeff\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\Jeff\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.

2008-08-01 13:38 . 2008-08-01 13:39 153,950 --a------ C:\Windows\System32\Upload_This_file.zip
2008-07-27 16:33 . 2008-07-27 16:33 <DIR> d-------- C:\Windows\nvtmpinst
2008-07-27 16:32 . 2008-06-11 14:48 188,960 --a------ C:\Windows\System32\nvapps.xml
2008-07-22 03:31 . 2008-07-22 03:31 <DIR> d-------- C:\Deckard
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 02:22 . 2008-07-20 20:21 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-22 02:22 . 2008-07-20 20:21 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:02 <DIR> d-------- C:\Program Files\QuickTime
2008-07-12 22:42 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-12 22:42 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-12 22:42 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-08 15:29 . 2008-07-08 15:29 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-08 13:42 . 2008-04-26 03:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-08 13:42 . 2008-04-11 22:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 08:06 --------- d-----w C:\ProgramData\Google Updater
2008-07-27 21:35 --------- d-----w C:\ProgramData\NVIDIA
2008-07-27 04:42 --------- d-----w C:\Program Files\Java
2008-07-15 11:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-13 03:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-08 20:29 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 20:29 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-26 10:46 --------- d-----w C:\Program Files\Total Video Converter
2008-06-25 06:53 --------- d-----w C:\Program Files\DivX
2008-06-24 08:21 2,834 ----a-w C:\Users\Jeff\AppData\Roaming\SAS7_000.DAT
2008-06-19 08:42 --------- d-----w C:\Users\Jeff\AppData\Roaming\CyberLink
2008-06-19 07:18 --------- d-----w C:\Users\Jeff\AppData\Roaming\dvdcss
2008-06-15 22:05 --------- d-----w C:\ProgramData\Nero
2008-06-15 22:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-15 21:58 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-15 21:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\SnapStream
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-15 09:28 --------- d-----w C:\Program Files\SiSoftware
2008-06-15 09:15 --------- d---a-w C:\ProgramData\TEMP
2008-06-14 08:56 --------- d-----w C:\Users\Jeff\AppData\Roaming\Move Networks
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-16 16:48 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-03-26 13:08 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-07-25_14.13.54.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 06:21:48 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-07-27 21:33:15 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-06-14 06:21:48 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-07-27 21:33:14 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-06-14 06:21:48 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-07-27 21:33:15 143,360 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-05-16 19:01:00 768,544 ----a-w C:\Windows\nvtmpinst\nvcplui.exe
+ 2008-05-16 19:01:00 313,888 ----a-w C:\Windows\nvtmpinst\nvexpbar.dll
- 2008-07-25 17:29:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-05 05:11:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-25 17:29:25 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-05 05:11:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-03-15 14:10:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-01 05:19:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-15 14:10:00 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-01 05:19:02 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-15 14:10:00 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-01 05:19:02 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-25 17:32:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-05 05:13:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-05 05:13:00 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-26 13:08:30 2,641,057 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
+ 2008-07-26 07:37:52 2,641,057 -c--a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat
- 2008-07-25 17:59:37 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-05 05:12:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-05 05:12:55 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-25 17:44:51 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-04 18:04:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-25 17:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-04 18:04:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-25 17:44:51 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-04 18:04:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-25 17:40:05 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-05 05:21:15 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2007-12-19 01:55:00 8,238,720 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
+ 2008-05-16 19:01:00 7,465,312 ----a-w C:\Windows\System32\drivers\nvlddmkm.sys
+ 2008-05-16 19:01:00 795,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\dpinst.exe
+ 2008-05-16 19:01:00 442,368 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvapi.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvcod.dll
+ 2008-05-16 19:01:00 154,144 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvcolor.exe
+ 2008-05-16 19:01:00 13,535,776 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvcpl.dll
+ 2008-05-16 19:01:00 768,544 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvcplui.exe
+ 2008-05-16 19:01:00 5,689,344 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvd3dum.dll
+ 2008-05-16 19:01:00 6,588,960 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvdisps.dll
+ 2008-05-16 19:01:00 313,888 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvexpbar.dll
+ 2008-05-16 19:01:00 3,398,176 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvgames.dll
+ 2008-05-16 19:01:00 7,465,312 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvlddmkm.sys
+ 2008-05-16 19:01:00 236,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmccs.dll
+ 2008-05-16 19:01:00 45,056 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmccsrs.dll
+ 2008-05-16 19:01:00 195,104 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmccss.dll
+ 2008-05-16 19:01:00 92,704 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmctray.dll
+ 2008-05-16 19:01:00 1,264,160 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvmobls.dll
+ 2008-05-16 19:01:00 9,039,872 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvoglv32.dll
+ 2008-05-16 19:01:00 526,880 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvsvc.dll
+ 2008-05-16 19:01:00 446,464 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvudisp.exe
+ 2008-05-16 19:01:00 3,783,200 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvvitvs.dll
+ 2008-05-16 19:01:00 118,784 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvvsvc.exe
+ 2008-05-16 19:01:00 2,360,832 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvwgf2um.dll
+ 2008-05-16 19:01:00 2,636,320 ----a-w C:\Windows\System32\DriverStore\FileRepository\nv_disp.inf_e4c5bd3a\nvwss.dll
- 2008-02-22 06:23:35 135,168 ----a-w C:\Windows\System32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\Windows\System32\java.exe
- 2008-02-22 06:23:39 135,168 ----a-w C:\Windows\System32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\Windows\System32\javaw.exe
- 2008-02-22 07:33:32 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\Windows\System32\javaws.exe
+ 2008-03-25 02:32:44 218,496 ----a-r C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe
- 2007-12-31 09:27:45 74,649 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2008-07-30 07:20:45 74,137 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe
- 2008-01-19 07:34:49 35,328 ----a-w C:\Windows\System32\mimefilt.dll
+ 2008-05-27 05:18:32 40,448 ----a-w C:\Windows\System32\mimefilt.dll
- 2008-01-19 07:35:13 248,832 ----a-w C:\Windows\System32\msshsq.dll
+ 2008-05-27 05:18:32 231,936 ----a-w C:\Windows\System32\msshsq.dll
- 2008-01-19 07:35:13 333,824 ----a-w C:\Windows\System32\mssph.dll
+ 2008-05-27 05:18:25 350,208 ----a-w C:\Windows\System32\mssph.dll
- 2008-01-19 07:35:13 167,936 ----a-w C:\Windows\System32\mssphtb.dll
+ 2008-05-27 05:18:55 203,776 ----a-w C:\Windows\System32\mssphtb.dll
- 2008-01-19 07:35:13 52,224 ----a-w C:\Windows\System32\msstrc.dll
+ 2008-05-27 05:18:40 44,032 ----a-w C:\Windows\System32\msstrc.dll
- 2008-01-19 07:35:13 1,696,768 ----a-w C:\Windows\System32\mssvp.dll
+ 2008-05-27 05:18:56 670,208 ----a-w C:\Windows\System32\mssvp.dll
- 2008-01-19 07:35:38 122,368 ----a-w C:\Windows\System32\nlhtml.dll
+ 2008-05-27 05:18:30 136,704 ----a-w C:\Windows\System32\nlhtml.dll
- 2007-12-19 01:55:00 385,024 ----a-w C:\Windows\System32\nvapi.dll
+ 2008-05-16 19:01:00 442,368 ----a-w C:\Windows\System32\nvapi.dll
- 2007-12-19 01:55:00 35,328 ----a-w C:\Windows\System32\nvcod.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\nvcod.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\nvcod130.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\nvcodh.dll
+ 2008-05-16 19:01:00 114,688 ----a-w C:\Windows\System32\nvcodhins.dll
- 2007-12-19 01:55:00 147,456 ----a-w C:\Windows\System32\nvcolor.exe
+ 2008-05-16 19:01:00 154,144 ----a-w C:\Windows\System32\nvcolor.exe
- 2007-12-19 01:55:00 8,530,464 ----a-w C:\Windows\System32\nvcpl.dll
+ 2008-05-16 19:01:00 13,535,776 ----a-w C:\Windows\System32\nvcpl.dll
- 2007-12-19 01:55:00 753,664 ----a-w C:\Windows\System32\nvcplui.exe
+ 2008-05-16 19:01:00 768,544 ----a-w C:\Windows\System32\nvcplui.exe
- 2007-12-19 01:55:00 5,263,360 ----a-w C:\Windows\System32\nvd3dum.dll
+ 2008-05-16 19:01:00 5,689,344 ----a-w C:\Windows\System32\nvd3dum.dll
- 2007-12-19 01:55:00 6,549,504 ----a-w C:\Windows\System32\nvdisps.dll
+ 2008-05-16 19:01:00 6,588,960 ----a-w C:\Windows\System32\nvdisps.dll
- 2007-12-19 01:55:00 307,200 ----a-w C:\Windows\System32\nvexpbar.dll
+ 2008-05-16 19:01:00 313,888 ----a-w C:\Windows\System32\nvexpbar.dll
- 2007-12-19 01:55:00 3,420,160 ----a-w C:\Windows\System32\nvgames.dll
+ 2008-05-16 19:01:00 3,398,176 ----a-w C:\Windows\System32\nvgames.dll
- 2007-12-19 01:55:00 229,376 ----a-w C:\Windows\System32\nvmccs.dll
+ 2008-05-16 19:01:00 236,064 ----a-w C:\Windows\System32\nvmccs.dll
- 2007-12-19 01:55:00 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
+ 2008-05-16 19:01:00 45,056 ----a-w C:\Windows\System32\nvmccsrs.dll
- 2007-12-19 01:55:00 188,416 ----a-w C:\Windows\System32\nvmccss.dll
+ 2008-05-16 19:01:00 195,104 ----a-w C:\Windows\System32\nvmccss.dll
- 2007-12-19 01:55:00 81,920 ----a-w C:\Windows\System32\nvmctray.dll
+ 2008-05-16 19:01:00 92,704 ----a-w C:\Windows\System32\nvmctray.dll
- 2007-12-19 01:55:00 1,228,800 ----a-w C:\Windows\System32\nvmobls.dll
+ 2008-05-16 19:01:00 1,264,160 ----a-w C:\Windows\System32\nvmobls.dll
- 2007-12-19 01:55:00 7,098,368 ----a-w C:\Windows\System32\nvoglv32.dll
+ 2008-05-16 19:01:00 9,039,872 ----a-w C:\Windows\System32\nvoglv32.dll
- 2007-12-19 01:55:00 86,016 ----a-w C:\Windows\System32\nvsvc.dll
+ 2008-05-16 19:01:00 526,880 ----a-w C:\Windows\System32\nvsvc.dll
- 2007-12-19 01:55:00 356,352 ----a-w C:\Windows\System32\nvudisp.exe
+ 2008-05-16 19:01:00 446,464 ----a-w C:\Windows\System32\nvudisp.exe
- 2007-12-19 01:55:00 3,710,976 ----a-w C:\Windows\System32\nvvitvs.dll
+ 2008-05-16 19:01:00 3,783,200 ----a-w C:\Windows\System32\nvvitvs.dll
+ 2008-05-16 19:01:00 118,784 ----a-w C:\Windows\System32\nvvsvc.exe
- 2007-12-19 01:55:00 1,830,912 ----a-w C:\Windows\System32\nvwgf2um.dll
+ 2008-05-16 19:01:00 2,360,832 ----a-w C:\Windows\System32\nvwgf2um.dll
- 2007-12-19 01:55:00 2,498,560 ----a-w C:\Windows\System32\nvwss.dll
+ 2008-05-16 19:01:00 2,636,320 ----a-w C:\Windows\System32\nvwss.dll
- 2008-01-19 07:36:11 65,536 ----a-w C:\Windows\System32\propdefs.dll
+ 2008-05-27 05:18:06 71,680 ----a-w C:\Windows\System32\propdefs.dll
- 2008-01-19 07:36:17 26,624 ----a-w C:\Windows\System32\rtffilt.dll
+ 2008-05-27 05:18:30 38,400 ----a-w C:\Windows\System32\rtffilt.dll
- 2008-01-19 07:33:28 302,080 ----a-w C:\Windows\System32\SearchIndexer.exe
+ 2008-05-27 05:18:43 439,808 ----a-w C:\Windows\System32\SearchIndexer.exe
- 2008-01-19 07:33:28 179,200 ----a-w C:\Windows\System32\SearchProtocolHost.exe
+ 2008-05-27 05:18:16 184,832 ----a-w C:\Windows\System32\SearchProtocolHost.exe
- 2008-07-13 03:47:31 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-07-26 09:09:17 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
- 2008-07-25 17:33:18 16,930 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969393467-3198209037-4009577033-1000_UserData.bin
+ 2008-08-05 05:13:28 17,276 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969393467-3198209037-4009577033-1000_UserData.bin
- 2008-07-25 17:33:17 77,902 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-05 05:13:28 79,202 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-25 17:33:14 89,194 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-05 05:13:27 90,450 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-01-19 07:37:11 27,136 ----a-w C:\Windows\System32\wsepno.dll
+ 2008-05-27 05:18:35 29,184 ----a-w C:\Windows\System32\wsepno.dll
- 2008-01-19 07:37:12 110,592 ----a-w C:\Windows\System32\xmlfilter.dll
+ 2008-05-27 05:18:32 56,320 ----a-w C:\Windows\System32\xmlfilter.dll
- 2008-07-13 03:40:52 550,023 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-07-26 07:34:40 2,720,435 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-27 05:17:28 301,568 ----a-w C:\Windows\winsxs\x86_desktop_shell-search-srchadmin_31bf3856ad364e35_7.0.6001.16503_none_13fcab3737a334c2\srchadmin.dll
+ 2008-05-27 05:18:30 136,704 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\nlhtml.dll
+ 2008-05-27 05:18:32 56,320 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-html_31bf3856ad364e35_7.0.6001.16503_none_13ff1de93d266b97\xmlfilter.dll
+ 2008-05-27 05:18:32 40,448 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-mime_31bf3856ad364e35_7.0.6001.16503_none_10a358dd3f57c0de\mimefilt.dll
+ 2008-05-27 05:17:23 194,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-office_31bf3856ad364e35_7.0.6001.16503_none_fab3f42bbfadf408\offfilt.dll
+ 2008-05-27 05:18:30 38,400 ----a-w C:\Windows\winsxs\x86_microsoft-windows-content-filter-rtf_31bf3856ad364e35_7.0.6001.16503_none_485964bf76e0570a\rtffilt.dll
+ 2008-05-27 05:17:46 754,176 ----a-w C:\Windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\propsys.dll
+ 2008-05-27 05:18:35 29,184 ----a-w C:\Windows\winsxs\x86_microsoft-windows-search-profilenotify_31bf3856ad364e35_7.0.6001.16503_none_d86cd72c8d3c237e\wsepno.dll
+ 2008-05-27 05:17:16 6,103,040 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..-chinesetraditional_31bf3856ad364e35_7.0.6001.16503_none_df2000cce0d8c017\chtbrkr.dll
+ 2008-05-27 05:17:16 313,344 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..breakerstemmer-thai_31bf3856ad364e35_7.0.6001.16503_none_d40428cfc6b6fdf9\thawbrkr.dll
+ 2008-05-27 05:17:16 143,872 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..eakerstemmer-korean_31bf3856ad364e35_7.0.6001.16503_none_14072d09797cf93d\korwbrkr.dll
+ 2008-05-27 05:17:13 1,671,680 ----a-w C:\Windows\winsxs\x86_microsoft-windows-w..r-chinesesimplified_31bf3856ad364e35_7.0.6001.16503_none_4cbdb704b61543d2\chsbrkr.dll
+ 2008-05-27 05:18:43 13,824 ----a-w C:\Windows\winsxs\x86_windowssearch-wtrservicingsupport_31bf3856ad364e35_7.0.6001.16503_none_163fe74a2171e12e\WSWTRSvc.exe
+ 2008-05-27 05:18:32 231,936 ----a-w C:\Windows\winsxs\x86_windowssearchengine-structuredquery_31bf3856ad364e35_7.0.6001.16503_none_98586419f9103903\msshsq.dll
+ 2008-05-27 04:59:39 106,605 ----a-w C:\Windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchema.bin
+ 2008-05-27 04:59:40 18,904 ----a-w C:\Windows\winsxs\x86_windowssearchengine..uredqueryschema.bin_31bf3856ad364e35_7.0.6001.16503_none_88f88929e3c77aa3\StructuredQuerySchemaTrivial.bin
+ 2008-05-27 05:17:42 34,816 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscb.dll
+ 2008-05-27 05:17:25 60,416 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msscntrs.dll
+ 2008-05-27 05:17:36 11,776 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msshooks.dll
+ 2008-05-27 05:17:25 87,552 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssitlb.dll
+ 2008-05-27 05:18:25 350,208 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssph.dll
+ 2008-05-27 05:18:55 203,776 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssphtb.dll
+ 2008-05-27 05:17:26 32,768 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssprxy.dll
+ 2008-05-27 05:21:24 1,418,240 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssrch.dll
+ 2008-05-27 05:18:40 44,032 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\msstrc.dll
+ 2008-05-27 05:18:56 670,208 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\mssvp.dll
+ 2008-05-27 05:18:06 71,680 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\propdefs.dll
+ 2008-05-27 05:17:55 87,552 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe
+ 2008-05-27 05:18:43 439,808 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchIndexer.exe
+ 2008-05-27 05:18:16 184,832 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchProtocolHost.exe
+ 2008-05-27 05:21:07 1,582,592 ----a-w C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\tquery.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auditadmin"="C:\windows\options\auditadmin.cmd" [2007-04-05 19:58 476]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-01 08:08 949376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 02:33 227840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"PhiBtn"="C:\Windows\System32\Drivers\PhiBtn.exe" [BU]
"TrayMin900"="C:\Windows\System32\Drivers\Tray900.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 16:46 4349952 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]

C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-25 19:56:27 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-29 23:31:09 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.NSVI"= NSVIDEO.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
--a------ 2007-03-19 10:20 259624 C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 22:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPDetect]
--a------ 2004-03-16 14:49 40960 C:\Program Files\NewSoft\Presto! VideoWorks 6\IPP4Detect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 19:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 10:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 12:52 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9016ED6-7E6A-4733-9451-4B947E3B4DBE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B849EBEF-F8BF-47D5-AE84-FFDF2619C5E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DF82768-3AD3-42C3-890B-67FFB6087F6F}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{8D45B4C1-774C-44AB-99F5-03FCBCB867D1}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{777120E9-BB54-458B-82AB-841A3EB7FB7D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{9B099D0E-B636-47C0-9E0D-95CF0469060F}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{8023A7CE-BB5D-4536-90CF-8EF6B8C8B41D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{5BBF1454-DDB2-4DFD-97D1-4A7ADB187C2C}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{CF2228F7-FF8C-4EA0-AC79-05EDC8493784}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{915A84C2-0551-4E71-80D7-1FCB0ECE91D5}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{E8D2CCF1-0928-4037-9751-46C22A32EADC}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{226F141E-F1D1-4575-885B-BF478BB4DB80}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{AA4C1154-3C8B-4603-9B65-4862763BAC67}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{8DB49E7C-5F22-459F-A177-22A8088BF304}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{2DC4135F-AD50-46C4-B41F-17C3DD747C51}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{3119FF8A-2B25-48C0-85A9-087FDEE547C8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{4B9FFAEE-C62F-4542-909B-14B85AD48E04}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{D707EE12-5C6C-440E-AA88-00FBF416BAC8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{3DE595B0-F6A2-4C9E-9DAD-21A657341822}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"{189DF32D-B5C3-45CD-9817-EFB04270C016}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"TCP Query User{CBD6BDBD-44BB-4F7A-94A7-75BF7385F2C0}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{F11CE85A-96BE-4CD1-9683-B3690EB1F28A}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{AB74DB35-565A-44BA-A990-ED7C09A86A82}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"UDP Query User{6D98AC01-E756-487C-ADF5-92620DF73489}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"TCP Query User{042043E3-3F1F-4490-8F0E-710AA396C1C1}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FC47FCBA-3798-4052-A345-1B6B4ED62570}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{8A752FFF-F0CE-40A5-B9FB-B75E694BD64C}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"UDP Query User{761E2616-B5B5-4991-851A-D0A16F2A2AF7}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"{3F8DBF73-452C-495E-A32B-6A37B8D379A0}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{F4084399-4C7C-4A6A-A50A-8ED8C53221CA}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{46C0492C-5087-4B5F-960C-72AE499A60E0}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{0FA74659-9970-4A6A-9FB2-4FE12FDC6E6C}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{739789E4-4AD8-44C8-B313-B6556C16A9A2}C:\\program files\\shades of truth\\underlight.exe"= UDP:C:\program files\shades of truth\underlight.exe:P-Lyra
"UDP Query User{D966E2C2-018E-45FB-B2A4-BF88FF9C8893}C:\\program files\\shades of truth\\underlight.exe"= TCP:C:\program files\shades of truth\underlight.exe:P-Lyra
"TCP Query User{5838DC9E-F0EF-4EB5-812A-C28A73F7985D}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7C563B76-CBC8-4272-B9DD-44770B56244F}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{F5DFC06C-43B6-467A-83C8-13101C202104}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{3DDB5C3A-CF7D-4BFF-8E2B-1F4B1B3323F6}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{A396B86C-019C-4DBF-894D-5256C36D0794}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B40BE65D-8913-43CD-9905-F97E444E43B1}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B40F5858-707B-457C-83C8-D7C3358C336C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{99A8B560-063C-4731-9551-81DBEFA6C07C}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{464184D5-4886-4399-A83E-23F4407D173B}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{8F34C19E-081E-4538-9A27-48140C769DE2}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{001796E6-5BC5-4BEB-9671-C71B89C9ECCE}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{F40C2A12-3865-412C-968D-FD3F618CCB2F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{1C7BD611-8ECA-422F-A7BC-1BB70E0A68CA}"= UDP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{0023D449-D9B6-4252-8F38-F24A5468D9B7}"= TCP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{ABFF9636-F8E3-4E20-A498-0D888A77D5E5}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{5E11565F-D08D-464D-878C-01B905986E1F}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1A34A367-E1F2-4F14-898F-47A17B189F40}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{C1E987EA-6BFF-48A5-8F33-01EF09DE182F}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{36E84982-0C4C-47BE-BC5C-369FBCD22943}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E5928EC5-59F7-431C-B004-93C786DED980}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{3F128E8C-76C1-4777-848D-9E04B629D438}"= UDP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{1DF66FF6-541C-45B8-B808-7C07F750E258}"= TCP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{BC2C87A8-DD05-49CF-9F96-B4E5E33256BA}"= UDP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{D0E8E484-E01A-4E3E-85F8-ADC9B6B0336B}"= TCP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{38198640-A2AD-464B-AB44-BF0AEC0BFC9C}"= UDP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{D2C1036C-8765-4195-9A38-151AA42CD2AD}"= TCP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{51A3F9F5-26F1-4D38-838E-A999A224829E}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{04766688-1A24-4B23-896E-A93221CFDFC2}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"TCP Query User{DCF7E62A-8574-497E-A898-94B59FABD5FD}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\jeff\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{1A545066-588A-4FBB-AFCE-40F3FBA3446D}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\jeff\program files\utorrent\utorrent.exe:utorrent.exe
"{CD3A12C0-0983-48E0-AA1E-08DF6A173C03}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{26886B81-95CD-4DA6-B7C2-78DE0DC64DFA}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{204CDFC4-4328-4276-92CB-DEDDB5D6683C}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A7B5323B-EB80-490C-80BE-04BD997B06EA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C14AAE9C-412E-4A50-9F59-443D121A32E9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C34DE1C0-2859-4C47-B693-2148EA0D623A}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{826F8499-49EF-401C-9BD3-A5E0DB4B9C97}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{2D9BCDD3-7344-4CBA-9DD2-82D85F1ECA06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{65DCB432-5C13-4D87-949C-654E878BB3BE}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B83BF5C1-E82C-4E6C-BCF4-83FB91341630}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E578A938-E364-4870-B631-140D4E426A67}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D6CDD40E-72D7-4372-8E49-B6FA399EA6E2}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BED51DCB-521F-4BB4-8435-52F7ABD59C11}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B3411FE4-D09C-42F7-847E-090677D38247}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{1B470EA0-99DD-4D2C-805B-BF280980CC94}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{A0C410C7-F5C2-45E4-B792-2F4ADA510A73}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{F6D479C4-1A04-4127-A60A-022A838EA18C}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{8842ED0A-4911-4742-9720-6A76C3D5FB6E}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{B9886591-77E7-4E58-A306-F34CD7A25843}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"TCP Query User{EE57C978-7A91-4CEB-98CA-BA09181F9C42}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{4158E73A-0103-4098-85C5-8FB6F5837274}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{DEE29D52-2C70-4724-BE77-522247FCD489}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{B7761C7F-717B-41F7-BF9B-060B9233CCB9}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"{4888903E-B6B1-40E5-95D3-A68F99D3ACAB}"= Disabled:UDP:443:ooVoo TCP port 443
"{8F1132E3-1BA4-4659-B17B-7F7979094AC0}"= Disabled:TCP:443:ooVoo UDP port 443
"{16455A28-1DDB-4F19-AF78-9166A4EC843B}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{1C937F7F-7A08-4C76-82AD-3EEE697C6362}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{C165B523-4A89-48A1-820E-EA752A37D4EA}"= Disabled:TCP:37675:ooVoo UDP port 37675
"{66E86256-E406-4D8B-A412-DAD1FC3F63D2}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service
"{E8FB135C-D536-4CD8-B219-5E9BF7A0C8C2}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);C:\Windows\system32\DRIVERS\xcbda.sys [2006-11-30 22:39]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 18:50]
S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-05-04 09:45]
S3 mr97310c;CIF Dual-Mode Camera;C:\Windows\system32\DRIVERS\mr97310c.sys [2005-04-11 15:26]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 00:46:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-05 0:59:55
ComboFix-quarantined-files.txt 2008-08-05 05:58:59
ComboFix2.txt 2008-07-25 19:50:18

Pre-Run: 309,135,859,712 bytes free
Post-Run: 309,544,534,016 bytes free

481 --- E O F --- 2008-08-02 04:40:46

Here is the Pandascan log.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-05 02:34:28
PROTECTIONS: 1
MALWARE: 43
SUSPECTS: 2
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.3806.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@trafficmp[2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.casalemedia.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@mediaplex[2].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@7search[2].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@clickbank[1].txt
00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@ccbill[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@findwhat[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@yadro[2].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@xiti[1].txt
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.azjmp.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@azjmp[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@bs.serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@bs.serving-sys[2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@www.burstbeacon[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@adtech[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@server.iad.liveperson[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.advertising.com/]
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@media.adrevolver[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@media.adrevolver[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@statse.webtrendslive[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@ads.pointroll[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@realmedia[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@adrevolver[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adrevolver.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@target[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@atwola[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@ads.addynamix[1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@enhance[2].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@enhance[2].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\pim7h6kr.default\cookies.txt[.adserver.easyad.info/]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\Low\jeff@adserver.easyad[1].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Cookies\jeff@adserver.easyad[1].txt
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\ESET\infected\FC33OIDA.NQF
03009106 W32/Xor-encoded.A Virus No 0 Yes No C:\Program Files\ESET\infected\IHL5OLAA.NQF
;===================================================================================================================================================================================
SUSPECTS
Sent Location ���`�r
s5
;===================================================================================================================================================================================
No C:\Deckard\System Scanner\20080722033348\backup\Users\Jeff\AppData\Local\Temp\aax4FA3.tmp.exe[²ÇÇ\y_toolbar.exe][²èÇ]
No C:\Users\Jeff\Desktop\ComboFix.exe ���`�r
s5
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description ���`�r
s5
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Here is a new HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:48, on 2008-08-05
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [auditadmin] C:\windows\options\auditadmin.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PhiBtn] C:\Windows\System32\Drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] C:\Windows\System32\Drivers\Tray900.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8939 bytes
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Re: Vista Troubles

Unread postby Carolyn » August 6th, 2008, 1:37 pm

Hello,

Since you have uninstalled uTorrent and LimeWire, we should tighten up your Firewall Policies and remove entries associated with those programs.

Custom CFScript

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
Folder::
C:\program files\utorrent
C:\program files\limewire
C:\users\jeff\program files\utorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{042043E3-3F1F-4490-8F0E-710AA396C1C1}C:\\program files\\utorrent\\utorrent.exe"= -
"UDP Query User{FC47FCBA-3798-4052-A345-1B6B4ED62570}C:\\program files\\utorrent\\utorrent.exe"=-
"TCP Query User{B40F5858-707B-457C-83C8-D7C3358C336C}C:\\program files\\limewire\\limewire.exe"=-
"UDP Query User{99A8B560-063C-4731-9551-81DBEFA6C07C}C:\\program files\\limewire\\limewire.exe"=-
"TCP Query User{DCF7E62A-8574-497E-A898-94B59FABD5FD}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"=-
"UDP Query User{1A545066-588A-4FBB-AFCE-40F3FBA3446D}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"=- 


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click programs and features.
  3. In programs and features, highlight >>Viewpoint component<< , click Uninstall
  4. Do the same for each Viewpoint component.


Please post the ComboFix log along with a fresh HijackThis log and a description of how this computer is behaving.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Vista Troubles

Unread postby Keronadon » August 7th, 2008, 2:22 am

Okay did everything you said,Here is the combofix log:
ComboFix 08-08-04.01 - Jeff 2008-08-07 0:53:30.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2284 [GMT -5:00]
Running from: C:\Users\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Users\Jeff\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-05 14:00 . 2008-08-05 14:00 <DIR> d-------- C:\Users\All Users\Apple
2008-08-05 14:00 . 2008-08-05 14:00 <DIR> d-------- C:\ProgramData\Apple
2008-08-05 14:00 . 2008-08-05 14:00 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-05 02:59 . 2008-08-05 03:01 <DIR> d-------- C:\Music
2008-08-05 01:27 . 2008-08-05 01:27 <DIR> d-------- C:\Program Files\Panda Security
2008-08-05 01:27 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-08-01 13:38 . 2008-08-01 13:39 153,950 --a------ C:\Windows\System32\Upload_This_file.zip
2008-07-27 16:33 . 2008-07-27 16:33 <DIR> d-------- C:\Windows\nvtmpinst
2008-07-27 16:32 . 2008-06-11 14:48 188,960 --a------ C:\Windows\System32\nvapps.xml
2008-07-22 03:31 . 2008-07-22 03:31 <DIR> d-------- C:\Deckard
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 02:22 . 2008-07-20 20:21 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-22 02:22 . 2008-07-20 20:21 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:02 <DIR> d-------- C:\Program Files\QuickTime
2008-07-12 22:42 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-12 22:42 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-12 22:42 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-08 15:29 . 2008-07-08 15:29 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-08 13:42 . 2008-04-26 03:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-08 13:42 . 2008-04-11 22:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 10:06 --------- d-----w C:\ProgramData\Google Updater
2008-07-27 21:35 --------- d-----w C:\ProgramData\NVIDIA
2008-07-27 04:42 --------- d-----w C:\Program Files\Java
2008-07-15 11:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-13 03:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-08 20:29 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 20:29 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-26 10:46 --------- d-----w C:\Program Files\Total Video Converter
2008-06-25 06:53 --------- d-----w C:\Program Files\DivX
2008-06-24 08:21 2,834 ----a-w C:\Users\Jeff\AppData\Roaming\SAS7_000.DAT
2008-06-19 08:42 --------- d-----w C:\Users\Jeff\AppData\Roaming\CyberLink
2008-06-19 07:18 --------- d-----w C:\Users\Jeff\AppData\Roaming\dvdcss
2008-06-15 22:05 --------- d-----w C:\ProgramData\Nero
2008-06-15 22:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-15 21:58 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-15 21:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\SnapStream
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-15 09:28 --------- d-----w C:\Program Files\SiSoftware
2008-06-15 09:15 --------- d---a-w C:\ProgramData\TEMP
2008-06-14 08:56 --------- d-----w C:\Users\Jeff\AppData\Roaming\Move Networks
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-16 16:48 446,464 ----a-w C:\Windows\System32\nvuninst.exe
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-03-26 13:08 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-08-05_ 0.53.11.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-30 15:39:58 128,256 ----a-w C:\Windows\Downloaded Program Files\as2stubie.dll
+ 2008-08-05 19:00:46 27,136 ----a-r C:\Windows\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
- 2008-08-05 05:11:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-05 18:49:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-05 05:11:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-05 18:49:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-05 05:13:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-05 18:53:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-05 18:53:47 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-08-05 05:12:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-05 18:53:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-05 18:53:42 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-04 18:04:14 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-06 10:06:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-04 18:04:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-06 10:06:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-04 18:04:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-06 10:06:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-05 05:13:28 17,276 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969393467-3198209037-4009577033-1000_UserData.bin
+ 2008-08-05 18:54:41 17,276 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-969393467-3198209037-4009577033-1000_UserData.bin
- 2008-08-05 05:13:28 79,202 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-05 18:54:40 79,302 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-05 05:13:27 90,450 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-05 18:54:39 90,450 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auditadmin"="C:\windows\options\auditadmin.cmd" [2007-04-05 19:58 476]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-01 08:08 949376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 02:33 227840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 14:01 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 14:01 92704]
"PhiBtn"="C:\Windows\System32\Drivers\PhiBtn.exe" [BU]
"TrayMin900"="C:\Windows\System32\Drivers\Tray900.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 16:46 4349952 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]

C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-25 19:56:27 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-29 23:31:09 692224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.NSVI"= NSVIDEO.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
--a------ 2007-03-19 10:20 259624 C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 22:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPDetect]
--a------ 2004-03-16 14:49 40960 C:\Program Files\NewSoft\Presto! VideoWorks 6\IPP4Detect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 19:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 10:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 12:52 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9016ED6-7E6A-4733-9451-4B947E3B4DBE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B849EBEF-F8BF-47D5-AE84-FFDF2619C5E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DF82768-3AD3-42C3-890B-67FFB6087F6F}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{8D45B4C1-774C-44AB-99F5-03FCBCB867D1}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{777120E9-BB54-458B-82AB-841A3EB7FB7D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{9B099D0E-B636-47C0-9E0D-95CF0469060F}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{8023A7CE-BB5D-4536-90CF-8EF6B8C8B41D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{5BBF1454-DDB2-4DFD-97D1-4A7ADB187C2C}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{CF2228F7-FF8C-4EA0-AC79-05EDC8493784}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{915A84C2-0551-4E71-80D7-1FCB0ECE91D5}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{E8D2CCF1-0928-4037-9751-46C22A32EADC}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{226F141E-F1D1-4575-885B-BF478BB4DB80}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{AA4C1154-3C8B-4603-9B65-4862763BAC67}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{8DB49E7C-5F22-459F-A177-22A8088BF304}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{2DC4135F-AD50-46C4-B41F-17C3DD747C51}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{3119FF8A-2B25-48C0-85A9-087FDEE547C8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{4B9FFAEE-C62F-4542-909B-14B85AD48E04}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{D707EE12-5C6C-440E-AA88-00FBF416BAC8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{3DE595B0-F6A2-4C9E-9DAD-21A657341822}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"{189DF32D-B5C3-45CD-9817-EFB04270C016}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"TCP Query User{CBD6BDBD-44BB-4F7A-94A7-75BF7385F2C0}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{F11CE85A-96BE-4CD1-9683-B3690EB1F28A}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{AB74DB35-565A-44BA-A990-ED7C09A86A82}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"UDP Query User{6D98AC01-E756-487C-ADF5-92620DF73489}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"TCP Query User{8A752FFF-F0CE-40A5-B9FB-B75E694BD64C}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"UDP Query User{761E2616-B5B5-4991-851A-D0A16F2A2AF7}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"{3F8DBF73-452C-495E-A32B-6A37B8D379A0}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{F4084399-4C7C-4A6A-A50A-8ED8C53221CA}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{46C0492C-5087-4B5F-960C-72AE499A60E0}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{0FA74659-9970-4A6A-9FB2-4FE12FDC6E6C}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{739789E4-4AD8-44C8-B313-B6556C16A9A2}C:\\program files\\shades of truth\\underlight.exe"= UDP:C:\program files\shades of truth\underlight.exe:P-Lyra
"UDP Query User{D966E2C2-018E-45FB-B2A4-BF88FF9C8893}C:\\program files\\shades of truth\\underlight.exe"= TCP:C:\program files\shades of truth\underlight.exe:P-Lyra
"TCP Query User{5838DC9E-F0EF-4EB5-812A-C28A73F7985D}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7C563B76-CBC8-4272-B9DD-44770B56244F}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{F5DFC06C-43B6-467A-83C8-13101C202104}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{3DDB5C3A-CF7D-4BFF-8E2B-1F4B1B3323F6}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{A396B86C-019C-4DBF-894D-5256C36D0794}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B40BE65D-8913-43CD-9905-F97E444E43B1}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"{464184D5-4886-4399-A83E-23F4407D173B}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{8F34C19E-081E-4538-9A27-48140C769DE2}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{001796E6-5BC5-4BEB-9671-C71B89C9ECCE}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{F40C2A12-3865-412C-968D-FD3F618CCB2F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{1C7BD611-8ECA-422F-A7BC-1BB70E0A68CA}"= UDP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{0023D449-D9B6-4252-8F38-F24A5468D9B7}"= TCP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{ABFF9636-F8E3-4E20-A498-0D888A77D5E5}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{5E11565F-D08D-464D-878C-01B905986E1F}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1A34A367-E1F2-4F14-898F-47A17B189F40}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{C1E987EA-6BFF-48A5-8F33-01EF09DE182F}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{36E84982-0C4C-47BE-BC5C-369FBCD22943}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E5928EC5-59F7-431C-B004-93C786DED980}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{3F128E8C-76C1-4777-848D-9E04B629D438}"= UDP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{1DF66FF6-541C-45B8-B808-7C07F750E258}"= TCP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{BC2C87A8-DD05-49CF-9F96-B4E5E33256BA}"= UDP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{D0E8E484-E01A-4E3E-85F8-ADC9B6B0336B}"= TCP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{38198640-A2AD-464B-AB44-BF0AEC0BFC9C}"= UDP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{D2C1036C-8765-4195-9A38-151AA42CD2AD}"= TCP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{51A3F9F5-26F1-4D38-838E-A999A224829E}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{04766688-1A24-4B23-896E-A93221CFDFC2}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{CD3A12C0-0983-48E0-AA1E-08DF6A173C03}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{26886B81-95CD-4DA6-B7C2-78DE0DC64DFA}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{204CDFC4-4328-4276-92CB-DEDDB5D6683C}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A7B5323B-EB80-490C-80BE-04BD997B06EA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C14AAE9C-412E-4A50-9F59-443D121A32E9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C34DE1C0-2859-4C47-B693-2148EA0D623A}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{826F8499-49EF-401C-9BD3-A5E0DB4B9C97}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{2D9BCDD3-7344-4CBA-9DD2-82D85F1ECA06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{65DCB432-5C13-4D87-949C-654E878BB3BE}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B83BF5C1-E82C-4E6C-BCF4-83FB91341630}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E578A938-E364-4870-B631-140D4E426A67}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D6CDD40E-72D7-4372-8E49-B6FA399EA6E2}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BED51DCB-521F-4BB4-8435-52F7ABD59C11}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B3411FE4-D09C-42F7-847E-090677D38247}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{1B470EA0-99DD-4D2C-805B-BF280980CC94}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{A0C410C7-F5C2-45E4-B792-2F4ADA510A73}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{F6D479C4-1A04-4127-A60A-022A838EA18C}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{8842ED0A-4911-4742-9720-6A76C3D5FB6E}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{B9886591-77E7-4E58-A306-F34CD7A25843}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"TCP Query User{EE57C978-7A91-4CEB-98CA-BA09181F9C42}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{4158E73A-0103-4098-85C5-8FB6F5837274}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{DEE29D52-2C70-4724-BE77-522247FCD489}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{B7761C7F-717B-41F7-BF9B-060B9233CCB9}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"{4888903E-B6B1-40E5-95D3-A68F99D3ACAB}"= Disabled:UDP:443:ooVoo TCP port 443
"{8F1132E3-1BA4-4659-B17B-7F7979094AC0}"= Disabled:TCP:443:ooVoo UDP port 443
"{16455A28-1DDB-4F19-AF78-9166A4EC843B}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{1C937F7F-7A08-4C76-82AD-3EEE697C6362}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{C165B523-4A89-48A1-820E-EA752A37D4EA}"= Disabled:TCP:37675:ooVoo UDP port 37675
"{66E86256-E406-4D8B-A412-DAD1FC3F63D2}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service
"{E8FB135C-D536-4CD8-B219-5E9BF7A0C8C2}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 18:23]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);C:\Windows\system32\DRIVERS\xcbda.sys [2006-11-30 22:39]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 18:50]
S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-05-04 09:45]
S3 mr97310c;CIF Dual-Mode Camera;C:\Windows\system32\DRIVERS\mr97310c.sys [2005-04-11 15:26]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 00:55:17
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\Jeff\AppData\Roaming\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\DB\{106C2E00-822A-44F8-B867-FBFB75E42411}.xml 859 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-08-07 0:57:13
ComboFix-quarantined-files.txt 2008-08-07 05:56:19
ComboFix2.txt 2008-08-05 06:00:07
ComboFix4.txt 2008-07-25 19:50:18

Pre-Run: 306,309,550,080 bytes free
Post-Run: 309,517,692,928 bytes free

321 --- E O F --- 2008-08-06 04:50:53
And here is the new HJT logfile:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:03 AM, on 8/7/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smunet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [auditadmin] C:\windows\options\auditadmin.cmd
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PhiBtn] C:\Windows\System32\Drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] C:\Windows\System32\Drivers\Tray900.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8898 bytes
And here is a kind of side question,I have this window pop up every time I reboot or start up my comp that the people at gateway told me to use recovery to fix and I have never had a recovery drive to use to fix it,it opens up as soon as my desktop opens.At the top it says:C;\Windows\system32\cmd.exe
thats on the top bar of the window,and in the window itself it says "access denied" twice.It has done this since I got the comp.
And as for how the comp is performing,I havn't really done much with it since I started having problems with it,but it still loses connection with the web quite a bit and I have to reboot it to fix it,the reboot has speeded up somewhat but it still stays on the Gateway reboot screen a lot longer than it used to.
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Re: Vista Troubles

Unread postby Keronadon » August 7th, 2008, 2:43 am

new problem has popped up as well,Internet Explorer keeps shuting down and restarting on one of my favorite websites,Camazon.com :lol:
User avatar
Keronadon
Member+
 
Posts: 57
Joined: June 24th, 2007, 11:22 am
Location: West Columbia,South Carolina

Re: Vista Troubles

Unread postby Carolyn » August 7th, 2008, 3:11 pm

Hello,

Remove outdated versions of Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.


  • Go to start > control panel > programs and features.
  • Right click on each instance of:

    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6 Update 1


  • Click Uninstall & then follow the prompts to remove it.
  • Close any programs you may have running - especially your web browser.
  • Reboot your computer.


And here is a kind of side question,I have this window pop up every time I reboot or start up my comp that the people at gateway told me to use recovery to fix and I have never had a recovery drive to use to fix it,it opens up as soon as my desktop opens.At the top it says:C;\Windows\system32\cmd.exe
thats on the top bar of the window,and in the window itself it says "access denied" twice.It has done this since I got the comp.
And as for how the comp is performing,I havn't really done much with it since I started having problems with it,but it still loses connection with the web quite a bit and I have to reboot it to fix it,the reboot has speeded up somewhat but it still stays on the Gateway reboot screen a lot longer than it used to.



As this is a computer troubleshooting issue, not a malware issue, I suggest you use the following link to go to the CastleCops General Computer Problems forum for help from a CastleCops SRT...

http://www.castlecops.com/f120-General_ ... blems.html

I recommend that you register before posting your problem. Registered members can receive notification when there has been a reply to their topic. There is no way for CCSP to notify "guests" when they have received a reply.


This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are

Your log now appears to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

    Delete ComboFix and Clean Up
    Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
    Image
    Please advise if this step is missed for any reason as it performs some important actions.

    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.

    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

    • Clear Infected System Restore Points
      Turn off System Restore-Vista
      • Click the Vista/Start icon.
      • Right Click >> Computer
      • Click Properties.
      • Click the System Protection tab.
      • Uncheck All drives
      • Click "Turn Off System Restore" at the prompt then click "Apply".
      • Restart your computer.

      Turn ON System Restore-Vista
      • Click the Vista/Start icon
      • Right Click >> Computer
      • Click Properties.
      • Click the System Protection tab.
      • Checkmark All drives that were selected previously then click "Apply".

    • Set correct settings for files
      • Click Start > Computer > Organize menu (at top of page) > Folder and Search Options > View tab.
      • Under Hidden files and folders if necessary select Do not show hidden files and folders.
      • If unchecked please check Hide protected operating system files (Recommended)
      • If necessary check Display content of system folders
      • If necessary Uncheck Hide file extensions for known file types.
      • Click OK

    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab.

    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

    • Make Internet Explorer More Secure
      You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

    • Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.

    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

      Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
      If this isn't done first, the next reboot may take a VERY LONG TIME.
      This is how to do it. First be sure you are signed in as a user with administrative privileges:
      Stop and Disable the DNS Client Service
      Go to Start, in the Start Search box type Run, when the run window opens type Services.msc and click OK.
      Under the Extended Tab, Scroll down and find this service.
      DNS Client
      Right-Click on the DNS Client Service. Choose Properties
      Select the General tab. Click on the Stop button.
      Click the Arrow-down tab on the right-hand side at the Start-up Type box.
      From the drop-down menu, click on Manual
      Click the Apply tab, then click OK


    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 59 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware