Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Seach Redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Seach Redirect

Unread postby jkoviak111 » February 15th, 2010, 11:27 pm

I'll try this again.

Hi, I'm having trouble with search redirects. I get good lists when searching, but when I follow the links I'm redirected to random sites such as Info.com or webfetti. I've had Bit Defender block a few trojans and thought I was ok. In my search about these redirects I was led to trying Malware bytes, which found several infected files but I haven't had any improvment. I read the info about p2p and have remove limewire. I suppose that about covers it. I look forward to solving my problems and want to thank you in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:15 PM, on 2/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
h:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
H:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
H:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {969F6D55-0B76-4956-8F31-2A995769E43C} - C:\Program Files\Causes\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FCTBPos00Pos - {AAAC503B-6F0F-4F48-8055-289B8A5EF5C0} - C:\Program Files\Causes\Toolbar.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Causes - {5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - C:\Program Files\Causes\Toolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ThreatFire] h:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; msn OptimizedIE8;ENUS)" -"http://www.myhuntinggames.com/bear-hunting-games.html"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe
O4 - HKUS\S-1-5-21-259937745-2445984491-3771350425-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Sharie_2')
O4 - HKUS\S-1-5-21-259937745-2445984491-3771350425-1008\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Sharie_2')
O4 - HKUS\S-1-5-21-259937745-2445984491-3771350425-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Sharie_2')
O4 - HKUS\S-1-5-21-259937745-2445984491-3771350425-1008\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; msn OptimizedIE8;ENUS)" -"http://www.funhorsegames.net/game/53/Pine-HollowStables.html" (User 'Sharie_2')
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - h:\Program Files\ThreatFire\TFService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - http://c1.neweggimages.com/WebResource/ ... 7.03.07.js

--
End of file - 11697 bytes


Uninstall list

"The Enchanted Unicorn"
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
APC PowerChute Personal Edition
Babysitter
Backyard Soccer MLS Edition
Barbie as The Island Princess
BitDefender Antivirus 2008
BitDefender Antivirus 2009
Bonjour
Causes
CCScore
Command & Conquer Generals
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
Disney Pirates of the Caribbean Online
Disney Princess - Enchanted Journey
Disney's Toontown Online
Dora Backpack
Dora Lost City
Dora the Explorer: Animal Adventures
Duck Hunter Pro
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Fashion Craze
Finding Doggy
Game Booster
Google Toolbar for Internet Explorer
H&R Block Tax Offer
HijackThis 2.0.2
HLPPDOCK
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Imaging Device Functions 9.0
HP Photosmart Cameras 9.0
HP Photosmart Essential 2.01
HP Product Detection
HP Solution Center 9.0
HP Update
Hunting Unlimited 2010
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
InterActual Player
Internet Explorer Default Page
Jasc Paint Shop Pro Studio, Dell Editon
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 3
Java(TM) 6 Update 7
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kidz Cam Photo Editing Software
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Modem Event Monitor
Modem Helper
Modem On Hold
MSN Money Investment Toolbox
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
My Way Search Assistant
Notifier
NVIDIA Drivers
OfotoXMI
OpenOffice.org Installer 1.0
Oregon Trail(R) 5
OTtBP
OTtBPSDK
PokerStars
PowerDVD 5.3
Prevx
PrintMaster 12
Qualxserve Service Agreement
QuickTime
Reader Rabbit Math Ages 4-6
Reader Rabbit Reading Ages 4-6
RealPlayer
Registry Mechanic 8.0
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SFR
SHASTA
Sid Meier's Civilization 4
SimCity 4 Deluxe
SKIN0001
SKINXSDK
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
staticcr
StreamTorrent 1.0
System Requirements Lab
ThreatFire
Uninstall Dual Mode Camera
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Virtual Earth 3D (Beta)
VPRINTOL
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3
WIRELESS
WordPerfect Office 12
World of Warcraft
Xfire (remove only)
Your Pet Obedience School
Zuma Deluxe 1.0
jkoviak111
Active Member
 
Posts: 10
Joined: February 14th, 2010, 3:33 pm
Advertisement
Register to Remove

Re: Seach Redirect

Unread postby muppy03 » February 20th, 2010, 12:58 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    (If you use FireFox or the Opera browser,To keep saved passwords, click No at the prompt.)
    Click Exit on the Main menu to close the program.


NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

GMER Rootkit Scanner
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Please reply with:-
  • RSIT logs ( info.txt and log.txt)
  • GMER Log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Seach Redirect

Unread postby jkoviak111 » February 21st, 2010, 1:32 am

OK, thank you again for your help.

I've had some issues. I ran RSIT as instructed first. It created two logs at the time, however when I ran GMER my computer locked up and I lost those files. I spent a lot of time trying to get the GMER log. My computer froze several times and I got blue screen a couple of times. Finally when I did get the log saved I got blue sceen again. I think I got the log you requested though. I'm only get one log from RSIT now and it is posted below. I hope this will do...................

When I added the GMER log I was over 1.2 million characters. So here is the RSIT. Let me know what you'd like me to do.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Sharie at 2010-02-20 21:29:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (11%) free of 35 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:56 PM, on 2/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
h:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Sharie\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Sharie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {969F6D55-0B76-4956-8F31-2A995769E43C} - C:\Program Files\Causes\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FCTBPos00Pos - {AAAC503B-6F0F-4F48-8055-289B8A5EF5C0} - C:\Program Files\Causes\Toolbar.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Causes - {5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - C:\Program Files\Causes\Toolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; msn OptimizedIE8;ENUS)" -"http://www.myhuntinggames.com/bear-hunting-games.html"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - h:\Program Files\ThreatFire\TFService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - http://c1.neweggimages.com/WebResource/ ... 7.03.07.js

--
End of file - 9685 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DBRRJT61-Matt).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6A21BE33-9984-4500-B7D5-2AAF066A6412}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-04 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-12 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAC503B-6F0F-4F48-8055-289B8A5EF5C0}]
Freecause Toolbar BHO - C:\Program Files\Causes\Toolbar.dll [2009-07-24 1338368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll [2009-08-09 502624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536]
{5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - Causes - C:\Program Files\Causes\Toolbar.dll [2009-07-24 1338368]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll [2009-08-09 502624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-12 782336]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
g:\Program Files\IObit\Advanced SystemCare 3\AWC.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2004-07-19 306688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-12 122939]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2006-01-17 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2006-01-17 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\mswinext.exe [2009-08-09 239456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2009-10-04 214536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe [2009-09-11 2836440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
h:\Program Files\ThreatFire\TFTray.exe [2010-01-14 378128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-10-04 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
C:\PROGRA~1\APC\APCPOW~1\Display.exe [2004-07-21 221295]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe [2002-02-11 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.4.lnk]
F:\PROGRA~1\PIXELA\IMAGEM~1.4\TRANSF~1\CAMERA~1.EXE [2008-09-18 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sharie^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
G:\PROGRA~1\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sharie^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sharie_2^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\syste

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\World of Warcraft\WoW-2.4.0-enUS-downloader.exe"="G:\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="G:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"G:\Program Files\EA Games\Command and Conquer Generals\patchget.dat"="G:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Causes\TroubleShooter.exe"="C:\Program Files\Causes\TroubleShooter.exe:*:Enabled:Causes (Helper)"
"C:\Program Files\Causes\ToolbarUpdate.exe"="C:\Program Files\Causes\ToolbarUpdate.exe:*:Enabled:Causes (Update)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"
"G:\Program Files\LimeWire\LimeWire.exe"="G:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"G:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="G:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player"
"F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-20 07:28:51 ----D---- C:\rsit
2010-02-17 19:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-02-17 19:11:38 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-17 19:11:38 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-17 19:11:38 ----A---- C:\WINDOWS\system32\java.exe
2010-02-17 19:11:38 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-14 11:05:27 ----D---- C:\Program Files\Trend Micro
2010-02-14 10:26:05 ----A---- C:\WINDOWS\system32\PxSecure.dll
2010-02-14 10:26:00 ----D---- C:\Program Files\Prevx
2010-02-14 10:25:07 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2010-02-11 21:20:49 ----ASH---- C:\BOOT.BAK
2010-02-11 21:20:19 ----RSHD---- C:\cmdcons
2010-02-11 21:20:19 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-02-11 21:20:17 ----D---- C:\WINDOWS\setup.pss
2010-02-11 21:19:57 ----D---- C:\WINDOWS\setupupd
2010-02-10 21:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 21:29:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 21:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 21:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 21:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 21:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 21:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 21:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 21:22:56 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-10 21:22:56 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2010-02-10 21:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-10 21:11:30 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-02-09 18:10:25 ----D---- C:\Documents and Settings\Sharie\Application Data\Uniblue
2010-02-08 21:35:00 ----D---- C:\Program Files\Common Files\PC Tools
2010-02-08 20:08:59 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2010-02-08 19:06:51 ----D---- C:\Documents and Settings\Sharie\Application Data\ZoomBrowser EX
2010-02-08 18:50:25 ----D---- C:\Program Files\Common Files\Canon

======List of files/folders modified in the last 1 months======

2010-02-20 21:08:44 ----D---- C:\WINDOWS\Temp
2010-02-20 21:07:52 ----D---- C:\WINDOWS\Prefetch
2010-02-20 21:04:28 ----D---- C:\WINDOWS\SYSTEM32
2010-02-20 20:58:26 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem #2.txt
2010-02-20 15:44:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-20 15:44:45 ----RASH---- C:\boot.ini
2010-02-20 15:44:45 ----A---- C:\WINDOWS\WIN.INI
2010-02-20 15:44:45 ----A---- C:\WINDOWS\SYSTEM.INI
2010-02-20 15:35:27 ----D---- C:\WINDOWS\pss
2010-02-19 17:54:28 ----A---- C:\WINDOWS\bdagent.INI
2010-02-18 22:13:26 ----D---- C:\WINDOWS\system32\FxsTmp
2010-02-18 21:48:30 ----D---- C:\WINDOWS
2010-02-17 19:51:00 ----D---- C:\WINDOWS\system32\DRIVERS
2010-02-17 19:16:35 ----SHD---- C:\WINDOWS\Installer
2010-02-17 19:16:34 ----HD---- C:\Config.Msi
2010-02-17 19:12:02 ----D---- C:\Program Files\Common Files\Java
2010-02-17 19:11:00 ----D---- C:\Program Files\Java
2010-02-17 18:44:36 ----D---- C:\Documents and Settings\Sharie\Application Data\Mozilla
2010-02-17 18:44:02 ----D---- C:\Program Files\Mozilla Firefox
2010-02-17 17:22:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-16 09:35:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-15 20:07:27 ----RD---- C:\Program Files
2010-02-15 20:04:37 ----D---- C:\Program Files\Kodak
2010-02-14 20:02:34 ----SD---- C:\Documents and Settings\Sharie\Application Data\Microsoft
2010-02-14 10:25:50 ----A---- C:\WINDOWS\wininit.ini
2010-02-14 08:43:49 ----D---- C:\Program Files\Google
2010-02-14 08:19:57 ----HD---- C:\WINDOWS\INF
2010-02-12 03:01:34 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-11 20:47:19 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-02-11 19:32:59 ----D---- C:\Program Files\Common Files
2010-02-11 19:25:50 ----D---- C:\Program Files\Hunting Unlimited
2010-02-11 19:20:11 ----D---- C:\WINDOWS\network diagnostic
2010-02-11 19:17:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-11 19:10:58 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-10 21:30:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 21:30:02 ----A---- C:\WINDOWS\imsins.BAK
2010-02-09 18:39:51 ----A---- C:\WINDOWS\CRC.INI
2010-02-09 04:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-09 04:31:50 ----SD---- C:\WINDOWS\Tasks
2010-02-08 22:04:42 ----D---- C:\WINDOWS\system32\CONFIG
2010-02-08 22:04:18 ----D---- C:\WINDOWS\system32\WBEM
2010-02-08 22:04:17 ----D---- C:\WINDOWS\Registration
2010-02-08 21:42:18 ----D---- C:\Program Files\Registry Mechanic
2010-02-01 11:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-23 03:20:02 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-23 03:02:47 ----D---- C:\Program Files\Internet Explorer
2010-01-23 03:02:33 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2010-02-14 47664]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-12 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-12 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-12 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-12 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-12 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-12 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-12 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-12 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-12 100603]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-18 11904]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2010-02-14 24368]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-11-17 68954]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2004-07-21 176241]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2010-02-14 6297008]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-17 153376]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-10-07 413696]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 ThreatFire;ThreatFire; h:\Program Files\ThreatFire\TFService.exe [2010-01-14 70928]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-11-12 1638240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 xaxnynxlvyis;xaxnynxlvyis; C:\WINDOWS\system32\drivers\xaxnynxlvyis.sys [2010-02-10 8576]
S3 xsqjbivrbiuh;xsqjbivrbiuh; C:\WINDOWS\system32\drivers\xsqjbivrbiuh.sys [2010-02-10 8576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
jkoviak111
Active Member
 
Posts: 10
Joined: February 14th, 2010, 3:33 pm

Re: Seach Redirect

Unread postby muppy03 » February 21st, 2010, 3:58 am

Sorry you had such a time of it. Hopefully the next scan won’t be so painful. Make sure you disable all Antivirus or Antispyware applications before running.

Please update me on problems and issues after doing the following.

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Seach Redirect

Unread postby jkoviak111 » February 21st, 2010, 2:00 pm

Sorry, I can't get combofix to run. It started once and then closed saying something about access being denied. At that point it dissappeared from my desktop. Now when I run it it says Error "Some files could not be created. Please close all applications, reboot windows and restart this installation." I've tried that with no luck.
jkoviak111
Active Member
 
Posts: 10
Joined: February 14th, 2010, 3:33 pm

Re: Seach Redirect

Unread postby muppy03 » February 21st, 2010, 4:58 pm

Please temporarily uninstall Spybot - Search & Destroy, until the computer is clean.


TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Next extract (unzip) its contents to your Desktop.
  • Next double-click the TDSSKiller Folder on your desktop.
  • Next right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.<---Important
  • Next Highlight and copy all the text (including the quote marks) in the codebox below.
    Code: Select all
    "%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run... and paste the text above into the Open: line and click OK.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
  • When finished a log file should be created on your desktop named tdsskiller.txt
  • Copy the contents of the log & post in your next reply.

If the above runs ok delete Combofix from your desktop and re- download and run using the directions given earlier. Make sure all antivirus and antispyware applications are disabled before running.

Please reply with:-
  • TDSSkiller text
  • Combofix log
  • New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Seach Redirect

Unread postby jkoviak111 » February 21st, 2010, 7:12 pm

I don't think S&D completely uninstalled. It told me a uninstall file was missing and recommended a new copy. Not sure what to do there.

I get this error when trying to delete Combo fix from my desktop:
Error "Cannot delete Combofix:access is denied. Make sure that disk is not full or write-protected and that File is not currently in use."


I saved it to another user desktop and get the following when I attempt to run.
Error "Some files could not be created. Please close all applications, reboot windows and restart this installation."

I think I have everything turned off---Spyware...anti-virus.

Here are the other 2 logs:

14:05:56:140 4788 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31
14:05:56:140 4788 ================================================================================
14:05:56:140 4788 SystemInfo:

14:05:56:140 4788 OS Version: 5.1.2600 ServicePack: 3.0
14:05:56:140 4788 Product type: Workstation
14:05:56:140 4788 ComputerName: DBRRJT61
14:05:56:140 4788 UserName: Sharie
14:05:56:140 4788 Windows directory: C:\WINDOWS
14:05:56:140 4788 Processor architecture: Intel x86
14:05:56:140 4788 Number of processors: 2
14:05:56:140 4788 Page size: 0x1000
14:05:56:250 4788 Boot type: Normal boot
14:05:56:250 4788 ================================================================================
14:05:56:265 4788 UnloadDriverW: NtUnloadDriver error 2
14:05:56:265 4788 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:05:56:265 4788 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:05:59:609 4788 UtilityInit: KLMD drop and load success
14:05:59:609 4788 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
14:05:59:609 4788 UtilityInit: KLMD open success
14:05:59:609 4788 UtilityInit: Initialize success
14:05:59:609 4788
14:05:59:609 4788 Scanning Services ...
14:05:59:609 4788 CreateRegParser: Registry parser init started
14:05:59:609 4788 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
14:05:59:609 4788 CreateRegParser: DisableWow64Redirection error
14:05:59:609 4788 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:05:59:609 4788 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
14:05:59:609 4788 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:05:59:609 4788 wfopen_ex: Trying to KLMD file open
14:05:59:609 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
14:05:59:609 4788 wfopen_ex: File opened ok (Flags 2)
14:05:59:609 4788 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 1174978
14:05:59:609 4788 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:05:59:609 4788 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
14:05:59:609 4788 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:05:59:609 4788 wfopen_ex: Trying to KLMD file open
14:05:59:609 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
14:05:59:609 4788 wfopen_ex: File opened ok (Flags 2)
14:05:59:609 4788 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 1174A20
14:05:59:609 4788 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
14:05:59:609 4788 CreateRegParser: EnableWow64Redirection error
14:05:59:609 4788 CreateRegParser: RegParser init completed
14:06:00:000 4788 GetAdvancedServicesInfo: Raw services enum returned 376 services
14:06:00:000 4788 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:06:00:000 4788 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:06:00:000 4788
14:06:00:000 4788 Scanning Kernel memory ...
14:06:00:000 4788 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
14:06:00:000 4788 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8A88B238
14:06:00:000 4788 DetectCureTDL3: KLMD_GetDeviceObjectList returned 10 DevObjects
14:06:00:000 4788
14:06:00:000 4788 DetectCureTDL3: DEVICE_OBJECT: 8A39B208
14:06:00:000 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A39B208
14:06:00:000 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A39B208[0x38]
14:06:00:000 4788 DetectCureTDL3: DRIVER_OBJECT: 8A88B238
14:06:00:000 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A88B238[0xA8]
14:06:00:000 4788 KLMD_ReadMem: Trying to ReadMemory 0xE100B9E0[0x18]
14:06:00:000 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_CREATE : F76BDBB0
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_CLOSE : F76BDBB0
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_READ : F76B7D1F
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_WRITE : F76B7D1F
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_SET_EA : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F76B82E2
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F76B83BB
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : F76B82E2
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_CLEANUP : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_POWER : F76B9C82
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F76BE99E
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F9739
14:06:00:000 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F9739
14:06:00:000 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:000 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:000 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:015 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:015 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:015 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:015 4788 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:06:00:015 4788
14:06:00:015 4788 DetectCureTDL3: DEVICE_OBJECT: 8A3ED030
14:06:00:015 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A3ED030
14:06:00:015 4788 DetectCureTDL3: DEVICE_OBJECT: 89A1C5A8
14:06:00:015 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89A1C5A8
14:06:00:015 4788 DetectCureTDL3: DEVICE_OBJECT: 8A328798
14:06:00:015 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A328798
14:06:00:015 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A328798[0x38]
14:06:00:015 4788 DetectCureTDL3: DRIVER_OBJECT: 898CC958
14:06:00:015 4788 KLMD_ReadMem: Trying to ReadMemory 0x898CC958[0xA8]
14:06:00:015 4788 KLMD_ReadMem: Trying to ReadMemory 0xE1D97108[0x1E]
14:06:00:015 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_CREATE : BA6CD218
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_CLOSE : BA6CD218
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_READ : BA6CD23C
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_WRITE : BA6CD23C
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_SET_EA : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : BA6CD180
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : BA6C89E6
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_CLEANUP : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_POWER : BA6CC5F0
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : BA6CAA6E
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F9739
14:06:00:015 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F9739
14:06:00:015 4788 TDL3_FileDetect: Processing driver: USBSTOR
14:06:00:015 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:06:00:015 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:06:00:031 4788 KLMD_ReadMem: Trying to ReadMemory 0xBA6C9F26[0x400]
14:06:00:031 4788 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
14:06:00:031 4788 TDL3_FileDetect: Processing driver: USBSTOR
14:06:00:031 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:06:00:031 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:06:00:031 4788 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
14:06:00:031 4788
14:06:00:031 4788 DetectCureTDL3: DEVICE_OBJECT: 8A805C68
14:06:00:031 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A805C68
14:06:00:031 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A805C68[0x38]
14:06:00:031 4788 DetectCureTDL3: DRIVER_OBJECT: 8A88B238
14:06:00:031 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A88B238[0xA8]
14:06:00:031 4788 KLMD_ReadMem: Trying to ReadMemory 0xE100B9E0[0x18]
14:06:00:031 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_CREATE : F76BDBB0
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_CLOSE : F76BDBB0
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_READ : F76B7D1F
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_WRITE : F76B7D1F
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_SET_EA : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F76B82E2
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F76B83BB
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : F76B82E2
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_CLEANUP : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_POWER : F76B9C82
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F76BE99E
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F9739
14:06:00:031 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F9739
14:06:00:031 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:031 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:031 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:046 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:046 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:046 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:046 4788 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:06:00:046 4788
14:06:00:046 4788 DetectCureTDL3: DEVICE_OBJECT: 8A888C68
14:06:00:046 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A888C68
14:06:00:046 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A888C68[0x38]
14:06:00:046 4788 DetectCureTDL3: DRIVER_OBJECT: 8A88B238
14:06:00:046 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A88B238[0xA8]
14:06:00:046 4788 KLMD_ReadMem: Trying to ReadMemory 0xE100B9E0[0x18]
14:06:00:046 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_CREATE : F76BDBB0
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_CLOSE : F76BDBB0
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_READ : F76B7D1F
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_WRITE : F76B7D1F
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_SET_EA : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F76B82E2
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F76B83BB
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : F76B82E2
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_CLEANUP : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_POWER : F76B9C82
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F76BE99E
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F9739
14:06:00:046 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F9739
14:06:00:046 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:046 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:046 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:062 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:062 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:062 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:062 4788 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:06:00:062 4788
14:06:00:062 4788 DetectCureTDL3: DEVICE_OBJECT: 8A887C68
14:06:00:062 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A887C68
14:06:00:062 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A887C68[0x38]
14:06:00:062 4788 DetectCureTDL3: DRIVER_OBJECT: 8A88B238
14:06:00:062 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A88B238[0xA8]
14:06:00:062 4788 KLMD_ReadMem: Trying to ReadMemory 0xE100B9E0[0x18]
14:06:00:062 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_CREATE : F76BDBB0
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_CLOSE : F76BDBB0
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_READ : F76B7D1F
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_WRITE : F76B7D1F
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_SET_EA : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F76B82E2
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F76B83BB
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : F76B82E2
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_CLEANUP : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_POWER : F76B9C82
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F76BE99E
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F9739
14:06:00:062 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F9739
14:06:00:062 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:062 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:062 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:078 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:078 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:078 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:078 4788 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:06:00:078 4788
14:06:00:078 4788 DetectCureTDL3: DEVICE_OBJECT: 8A840030
14:06:00:078 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A840030
14:06:00:078 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A840030[0x38]
14:06:00:078 4788 DetectCureTDL3: DRIVER_OBJECT: 8A88B238
14:06:00:078 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A88B238[0xA8]
14:06:00:078 4788 KLMD_ReadMem: Trying to ReadMemory 0xE100B9E0[0x18]
14:06:00:078 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_CREATE : F76BDBB0
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_CLOSE : F76BDBB0
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_READ : F76B7D1F
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_WRITE : F76B7D1F
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_SET_EA : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F76B82E2
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F76B83BB
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : F76B82E2
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_CLEANUP : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_POWER : F76B9C82
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F76BE99E
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F9739
14:06:00:078 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F9739
14:06:00:078 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:078 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:078 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:093 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:093 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:093 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:093 4788 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:06:00:093 4788
14:06:00:093 4788 DetectCureTDL3: DEVICE_OBJECT: 8A805548
14:06:00:093 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A805548
14:06:00:093 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A805548[0x38]
14:06:00:093 4788 DetectCureTDL3: DRIVER_OBJECT: 8A88B238
14:06:00:093 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A88B238[0xA8]
14:06:00:093 4788 KLMD_ReadMem: Trying to ReadMemory 0xE100B9E0[0x18]
14:06:00:093 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_CREATE : F76BDBB0
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_CLOSE : F76BDBB0
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_READ : F76B7D1F
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_WRITE : F76B7D1F
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_SET_EA : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F76B82E2
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F76B83BB
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : F76B82E2
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_CLEANUP : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_POWER : F76B9C82
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F76BE99E
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F9739
14:06:00:093 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F9739
14:06:00:093 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:093 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:093 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:093 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:093 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:093 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:109 4788 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:06:00:109 4788
14:06:00:109 4788 DetectCureTDL3: DEVICE_OBJECT: 8A805030
14:06:00:109 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A805030
14:06:00:109 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A805030[0x38]
14:06:00:109 4788 DetectCureTDL3: DRIVER_OBJECT: 8A88B238
14:06:00:109 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A88B238[0xA8]
14:06:00:109 4788 KLMD_ReadMem: Trying to ReadMemory 0xE100B9E0[0x18]
14:06:00:109 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_CREATE : F76BDBB0
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_CLOSE : F76BDBB0
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_READ : F76B7D1F
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_WRITE : F76B7D1F
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_SET_EA : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F76B82E2
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F76B83BB
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F76BBF28
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : F76B82E2
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_CLEANUP : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_POWER : F76B9C82
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F76BE99E
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F9739
14:06:00:109 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F9739
14:06:00:109 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:109 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:109 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:109 4788 TDL3_FileDetect: Processing driver: Disk
14:06:00:109 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:109 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
14:06:00:125 4788 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
14:06:00:125 4788
14:06:00:125 4788 DetectCureTDL3: DEVICE_OBJECT: 8A810030
14:06:00:125 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A810030
14:06:00:125 4788 DetectCureTDL3: DEVICE_OBJECT: 8A823B00
14:06:00:125 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A823B00
14:06:00:125 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A823B00[0x38]
14:06:00:125 4788 DetectCureTDL3: DRIVER_OBJECT: 8A8272C0
14:06:00:125 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A8272C0[0xA8]
14:06:00:125 4788 KLMD_ReadMem: Trying to ReadMemory 0xE18DC1B8[0x1A]
14:06:00:125 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_CREATE : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_CLOSE : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_READ : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_WRITE : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_SET_EA : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_CLEANUP : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_POWER : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : F74B1B3A
14:06:00:125 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : F74B1B3A
14:06:00:125 4788 TDL3_FileDetect: Processing driver: atapi
14:06:00:125 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
14:06:00:125 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
14:06:00:140 4788 DetectCureTDL3: All IRP handlers pointed to one addr: F74B1B3A
14:06:00:140 4788 KLMD_ReadMem: Trying to ReadMemory 0xF74B1B3A[0x400]
14:06:00:140 4788 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
14:06:00:140 4788 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
14:06:00:140 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A8240B4[0x4]
14:06:00:140 4788 TDL3_IrpHookDetect: New IrpHandler addr: 8A8828C8
14:06:00:140 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A8828C8[0x400]
14:06:00:140 4788 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120
14:06:00:140 4788 Driver "atapi" Irp handler infected by TDSS rootkit ... 14:06:00:140 4788 KLMD_WriteMem: Trying to WriteMemory 0x8A88294E[0xD]
14:06:00:140 4788 cured
14:06:00:140 4788 KLMD_ReadMem: Trying to ReadMemory 0xF74AF864[0x400]
14:06:00:140 4788 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
14:06:00:140 4788 TDL3_FileDetect: Processing driver: atapi
14:06:00:140 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
14:06:00:140 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
14:06:00:140 4788 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
14:06:00:140 4788 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 14:06:00:140 4788 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
14:06:00:140 4788 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
14:06:00:156 4788 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\I386\sp3.cab
14:06:00:312 4788 CabinetCallback: Backup candidate found: atapi.sys:96512, extracting..
14:06:00:375 4788 CabinetCallback: File extracted successfully: C:\DOCUME~1\Sharie\LOCALS~1\Temp\bck6.tmp
14:06:00:375 4788 ValidateDriverFile: Stage 1 passed
14:06:00:390 4788 ValidateDriverFile: Stage 2 passed
14:06:00:718 4788 DigitalSignVerifyByHandle: Embedded DS result: 800B0100
14:06:02:140 4788 DigitalSignVerifyByHandle: Cat DS result: 00000000
14:06:02:140 4788 ValidateDriverFile: Stage 3 passed
14:06:02:140 4788 CabinetCallback: File validated successfully, restore information prepared
14:06:02:140 4788 FindDriverFileBackup: Backup copy found in cab-file
14:06:02:140 4788 TDL3_FileCure: Backup copy found, using it..
14:06:02:140 4788 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk7.tmp
14:06:02:171 4788 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk7.tmp, system32\drivers\atapi.sys)
14:06:02:171 4788 TDL3_FileCure: KLMD jobs schedule success
14:06:02:171 4788 will be cured on next reboot
14:06:02:171 4788
14:06:02:171 4788 DetectCureTDL3: DEVICE_OBJECT: 8A8080C0
14:06:02:171 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A8080C0
14:06:02:171 4788 DetectCureTDL3: DEVICE_OBJECT: 8A811B00
14:06:02:171 4788 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A811B00
14:06:02:171 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A811B00[0x38]
14:06:02:171 4788 DetectCureTDL3: DRIVER_OBJECT: 8A8272C0
14:06:02:171 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A8272C0[0xA8]
14:06:02:171 4788 KLMD_ReadMem: Trying to ReadMemory 0xE18DC1B8[0x1A]
14:06:02:171 4788 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_CREATE : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_CLOSE : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_READ : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_WRITE : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_SET_INFORMATION : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_QUERY_EA : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_SET_EA : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_SHUTDOWN : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_CLEANUP : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_SET_SECURITY : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_POWER : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : F74B1B3A
14:06:02:171 4788 DetectCureTDL3: IRP_MJ_SET_QUOTA : F74B1B3A
14:06:02:171 4788 TDL3_FileDetect: Processing driver: atapi
14:06:02:171 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\tsk7.tmp
14:06:02:171 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\tsk7.tmp
14:06:02:187 4788 DetectCureTDL3: All IRP handlers pointed to one addr: F74B1B3A
14:06:02:187 4788 KLMD_ReadMem: Trying to ReadMemory 0xF74B1B3A[0x400]
14:06:02:187 4788 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
14:06:02:187 4788 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
14:06:02:187 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A8240B4[0x4]
14:06:02:187 4788 TDL3_IrpHookDetect: New IrpHandler addr: 8A8828C8
14:06:02:187 4788 KLMD_ReadMem: Trying to ReadMemory 0x8A8828C8[0x400]
14:06:02:187 4788 TDL3_IrpHookDetect: TDL3 is already cured
14:06:02:187 4788 KLMD_ReadMem: Trying to ReadMemory 0xF74AF864[0x400]
14:06:02:187 4788 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
14:06:02:187 4788 TDL3_FileDetect: Processing driver: atapi
14:06:02:187 4788 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\tsk7.tmp
14:06:02:187 4788 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\tsk7.tmp
14:06:02:203 4788 TDL3_FileDetect: C:\WINDOWS\system32\drivers\tsk7.tmp - Verdict: Clean
14:06:02:203 4788 UtilityBootReinit: Reboot required for cure complete..
14:06:02:203 4788 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
14:06:02:203 4788 UtilityBootReinit: KLMD drop success
14:06:02:203 4788 KLMD_ApplyPendList: Pending buffer(6ABF_6C45, 600) dropped successfully
14:06:02:203 4788 UtilityBootReinit: Cure on reboot scheduled successfully
14:06:02:203 4788
14:06:02:203 4788 Completed
14:06:02:203 4788
14:06:02:203 4788 Results:
14:06:02:203 4788 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
14:06:02:203 4788 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:06:02:203 4788 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:06:02:203 4788
14:06:02:203 4788 UnloadDriverW: NtUnloadDriver error 1
14:06:02:203 4788 KLMD_Unload: UnloadDriverW(klmd21) error 1
14:06:02:203 4788 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
14:06:02:203 4788 UtilityDeinit: KLMD(ARK) unloaded successfully




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:45 PM, on 2/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
h:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {969F6D55-0B76-4956-8F31-2A995769E43C} - C:\Program Files\Causes\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FCTBPos00Pos - {AAAC503B-6F0F-4F48-8055-289B8A5EF5C0} - C:\Program Files\Causes\Toolbar.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Causes - {5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - C:\Program Files\Causes\Toolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; msn OptimizedIE8;ENUS)" -"http://www.myhuntinggames.com/bear-hunting-games.html"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - h:\Program Files\ThreatFire\TFService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - http://c1.neweggimages.com/WebResource/ ... 7.03.07.js

--
End of file - 9669 bytes
jkoviak111
Active Member
 
Posts: 10
Joined: February 14th, 2010, 3:33 pm

Re: Seach Redirect

Unread postby muppy03 » February 22nd, 2010, 5:27 am

Ok time to change tactics :)

Please empty this Folder.

C:\RSIT

Then re run RSIT and post both logs it produces please.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Seach Redirect

Unread postby jkoviak111 » February 22nd, 2010, 12:44 pm

Ok, here you go. I should let you know that the tdsskiller scan seems to have corrected my search problems. I'm not getting redirected.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Sharie at 2010-02-22 08:21:11
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (10%) free of 35 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:38 AM, on 2/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
h:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Sharie\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Sharie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {969F6D55-0B76-4956-8F31-2A995769E43C} - C:\Program Files\Causes\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FCTBPos00Pos - {AAAC503B-6F0F-4F48-8055-289B8A5EF5C0} - C:\Program Files\Causes\Toolbar.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Causes - {5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - C:\Program Files\Causes\Toolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; msn OptimizedIE8;ENUS)" -"http://www.myhuntinggames.com/bear-hunting-games.html"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - h:\Program Files\ThreatFire\TFService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - http://c1.neweggimages.com/WebResource/ ... 7.03.07.js

--
End of file - 9341 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DBRRJT61-Matt).job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6A21BE33-9984-4500-B7D5-2AAF066A6412}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-04 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-12 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-08-07 138608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAC503B-6F0F-4F48-8055-289B8A5EF5C0}]
Freecause Toolbar BHO - C:\Program Files\Causes\Toolbar.dll [2009-07-24 1338368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar BHO - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll [2009-08-09 502624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536]
{5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - Causes - C:\Program Files\Causes\Toolbar.dll [2009-07-24 1338368]
{8dcb7100-df86-4384-8842-8fa844297b3f} - MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll [2009-08-09 502624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-12 782336]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
g:\Program Files\IObit\Advanced SystemCare 3\AWC.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe [2004-07-19 306688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-12 122939]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-10-12 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-07-17 288080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2006-01-17 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2006-01-17 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\mswinext.exe [2009-08-09 239456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe [2009-10-04 214536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RegMech.exe [2009-09-11 2836440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
h:\Program Files\ThreatFire\TFTray.exe [2010-01-14 378128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-10-04 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
C:\PROGRA~1\APC\APCPOW~1\Display.exe [2004-07-21 221295]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
C:\PROGRA~1\BRODER~1\PRINTM~1\pmremind.exe [2002-02-11 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.4.lnk]
F:\PROGRA~1\PIXELA\IMAGEM~1.4\TRANSF~1\CAMERA~1.EXE [2008-09-18 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sharie^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
G:\PROGRA~1\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sharie^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sharie_2^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\syste

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"G:\World of Warcraft\WoW-2.4.0-enUS-downloader.exe"="G:\World of Warcraft\WoW-2.4.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"G:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="G:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"G:\Program Files\EA Games\Command and Conquer Generals\patchget.dat"="G:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Enabled:patchgrabber"
"C:\Program Files\Causes\TroubleShooter.exe"="C:\Program Files\Causes\TroubleShooter.exe:*:Enabled:Causes (Helper)"
"C:\Program Files\Causes\ToolbarUpdate.exe"="C:\Program Files\Causes\ToolbarUpdate.exe:*:Enabled:Causes (Update)"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player"
"G:\Program Files\LimeWire\LimeWire.exe"="G:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"G:\Program Files\StreamTorrent 1.0\StreamTorrent.exe"="G:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player"
"F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="F:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-21 14:55:41 ----D---- C:\32788R22FWJFW
2010-02-21 14:36:31 ----HD---- C:\WINDOWS\PIF
2010-02-21 14:33:19 ----A---- C:\TDSSKiller.2.2.4_21.02.2010_14.33.19_log.txt
2010-02-21 08:40:07 ----D---- C:\WINDOWS\ERDNT
2010-02-21 08:39:59 ----SD---- C:\ComboFix
2010-02-21 08:38:49 ----D---- C:\Qoobox
2010-02-20 07:28:51 ----D---- C:\rsit
2010-02-17 19:12:07 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-02-17 19:11:38 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-17 19:11:38 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-17 19:11:38 ----A---- C:\WINDOWS\system32\java.exe
2010-02-17 19:11:38 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-14 11:05:27 ----D---- C:\Program Files\Trend Micro
2010-02-14 10:26:05 ----A---- C:\WINDOWS\system32\PxSecure.dll
2010-02-14 10:26:05 ----A---- C:\WINDOWS\system32\PxSecure(2).dll
2010-02-14 10:26:00 ----D---- C:\Program Files\Prevx
2010-02-14 10:25:07 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2010-02-11 21:20:49 ----ASH---- C:\BOOT.BAK
2010-02-11 21:20:19 ----RSHD---- C:\cmdcons
2010-02-11 21:20:19 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-02-11 21:20:17 ----D---- C:\WINDOWS\setup.pss
2010-02-11 21:19:57 ----D---- C:\WINDOWS\setupupd
2010-02-10 21:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 21:29:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 21:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 21:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 21:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 21:25:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 21:25:15 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 21:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 21:22:56 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-10 21:22:56 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2010-02-10 21:22:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-10 21:11:30 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-02-09 18:10:25 ----D---- C:\Documents and Settings\Sharie\Application Data\Uniblue
2010-02-08 21:35:00 ----D---- C:\Program Files\Common Files\PC Tools
2010-02-08 20:08:59 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2010-02-08 19:06:51 ----D---- C:\Documents and Settings\Sharie\Application Data\ZoomBrowser EX
2010-02-08 18:50:25 ----D---- C:\Program Files\Common Files\Canon

======List of files/folders modified in the last 1 months======

2010-02-22 08:21:22 ----D---- C:\WINDOWS\Prefetch
2010-02-22 08:15:30 ----D---- C:\WINDOWS\SYSTEM32
2010-02-22 08:15:29 ----D---- C:\WINDOWS\Temp
2010-02-22 08:09:41 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem #2.txt
2010-02-22 08:07:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-22 08:07:37 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-21 21:26:23 ----A---- C:\WINDOWS\bdagent.INI
2010-02-21 14:37:14 ----A---- C:\WINDOWS\SYSTEM.INI
2010-02-21 14:36:31 ----D---- C:\WINDOWS
2010-02-21 14:33:21 ----D---- C:\WINDOWS\system32\DRIVERS
2010-02-21 14:26:58 ----D---- C:\WINDOWS\system32\CONFIG
2010-02-21 14:26:17 ----D---- C:\WINDOWS\system32\WBEM
2010-02-21 14:26:16 ----D---- C:\WINDOWS\Registration
2010-02-21 14:25:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-21 14:25:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-20 15:44:45 ----RASH---- C:\boot.ini
2010-02-20 15:44:45 ----A---- C:\WINDOWS\WIN.INI
2010-02-20 15:35:27 ----D---- C:\WINDOWS\pss
2010-02-18 22:13:26 ----D---- C:\WINDOWS\system32\FxsTmp
2010-02-17 19:16:35 ----SHD---- C:\WINDOWS\Installer
2010-02-17 19:16:34 ----HD---- C:\Config.Msi
2010-02-17 19:12:02 ----D---- C:\Program Files\Common Files\Java
2010-02-17 19:11:00 ----D---- C:\Program Files\Java
2010-02-17 18:44:36 ----D---- C:\Documents and Settings\Sharie\Application Data\Mozilla
2010-02-17 18:44:02 ----D---- C:\Program Files\Mozilla Firefox
2010-02-15 20:07:27 ----RD---- C:\Program Files
2010-02-15 20:04:37 ----D---- C:\Program Files\Kodak
2010-02-14 20:02:34 ----SD---- C:\Documents and Settings\Sharie\Application Data\Microsoft
2010-02-14 10:25:50 ----A---- C:\WINDOWS\wininit.ini
2010-02-14 08:43:49 ----D---- C:\Program Files\Google
2010-02-14 08:19:57 ----HD---- C:\WINDOWS\INF
2010-02-12 03:01:34 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-11 20:47:19 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2010-02-11 19:32:59 ----D---- C:\Program Files\Common Files
2010-02-11 19:25:50 ----D---- C:\Program Files\Hunting Unlimited
2010-02-11 19:20:11 ----D---- C:\WINDOWS\network diagnostic
2010-02-11 19:17:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-11 19:10:58 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-10 21:30:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 21:30:02 ----A---- C:\WINDOWS\imsins.BAK
2010-02-09 18:39:51 ----A---- C:\WINDOWS\CRC.INI
2010-02-09 04:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-09 04:31:50 ----SD---- C:\WINDOWS\Tasks
2010-02-08 21:42:18 ----D---- C:\Program Files\Registry Mechanic
2010-02-01 11:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-23 03:20:02 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-23 03:02:47 ----D---- C:\Program Files\Internet Explorer
2010-01-23 03:02:33 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 pxrts;pxrts; C:\WINDOWS\System32\drivers\pxrts.sys [2010-02-14 47664]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-12 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-12 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-12 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-12 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-12 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-12 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-12 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-12 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-12 100603]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-12-10 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-18 11904]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-15 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pxkbf;pxkbf; C:\WINDOWS\System32\drivers\pxkbf.sys [2010-02-14 24368]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-10-29 260096]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-11-17 68954]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2004-07-21 176241]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-17 153376]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-10-07 413696]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-08-07 242048]
R2 ThreatFire;ThreatFire; h:\Program Files\ThreatFire\TFService.exe [2010-01-14 70928]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-11-12 1638240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 xaxnynxlvyis;xaxnynxlvyis; C:\WINDOWS\system32\drivers\xaxnynxlvyis.sys [2010-02-10 8576]
S3 xsqjbivrbiuh;xsqjbivrbiuh; C:\WINDOWS\system32\drivers\xsqjbivrbiuh.sys [2010-02-10 8576]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2010-02-22 08:21:46

======Uninstall list======

"The Enchanted Unicorn"-->g:\Program Files\Viva Media\The Enchanted Unicorn\uninst.exe
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Babysitter-->"g:\Tivola\Babysitter\uninstall.exe"
Backyard Soccer MLS Edition-->C:\WINDOWS\IsUninst.exe -fC:\HEGames\SoccerMLS\Uninst.isu -c"C:\HEGames\SoccerMLS\Uninst.dll
Barbie as The Island Princess-->C:\Program Files\Activision\Barbie as The Island Princess\uninst.exe
BitDefender Antivirus 2008-->MsiExec.exe /I{4A56DAB1-2680-4B8A-AD84-77EECFB94D7B}
BitDefender Antivirus 2009-->MsiExec.exe /X{A1FA92EE-84A3-447D-A6C6-4514B5936DC2}
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Causes-->C:\Program Files\Causes\Uninst.exe
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Support 5.0.0 (630)-->rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Disney Pirates of the Caribbean Online-->C:\Program Files\Disney\Disney Online\PiratesOnline\uninst.exe
Disney Princess - Enchanted Journey-->C:\Program Files\InstallShield Installation Information\{E375D72E-5343-4F73-986C-1B00C35F1DFC}\setup.exe -runfromtemp -l0x0009 Disney Princess - Enchanted Journey -removeonly
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
Dora Backpack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D859D35F-E947-4F2A-8591-C76A4D116178}\setup.exe" -l0x9 -uninst
Dora Lost City-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{747C231B-062D-4586-8221-8E7870987D5B}\setup.exe" -l0x9 -uninst
Dora the Explorer: Animal Adventures-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A34CCD1C-7738-47B9-863D-8E0C478FB8F7}\setup.exe" -l0x9 -uninst
Duck Hunter Pro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Head Games\Duck Hunter Pro\DeIsL3.isu" -cC:\PROGRA~1\HEADGA~1\DUCKHU~1\_ISREG32.DLL
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt-->MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Fashion Craze-->C:\Program Files\Viva Media\FashionCraze\Uninstall.exe
Finding Doggy-->C:\Program Files\Viva Media\FindingDoggy\Uninstall.exe
Game Booster-->"g:\Program Files\IObit\Game Booster\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
H&R Block Tax Offer-->MsiExec.exe /X{901D1286-529B-48A9-8DDD-4A60CF9E9BF1}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 9.0-->C:\Program Files\HP\Digital Imaging\{99999999-9999-9999-9999-999999999999}\setup\hpzscr01.exe -datfile hpiscr06.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Hunting Unlimited 2010-->"g:\Program Files\Games Of The Month\Hunting Unlimited 2010\unins000.exe"
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kidz Cam Photo Editing Software -->C:\PROGRA~1\KIDZCA~1\Setup.exe /remove /q0
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_336a89\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware-->"g:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Default Manager-->MsiExec.exe /X{61BEA823-ECAF-49F1-8378-A59B3B8AD247}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSN Toolbar Platform-->MsiExec.exe /I{547C4A03-8402-49E9-9E94-112929185B1E}
MSN Toolbar-->C:\Program Files\MSN Toolbar Installer\InstallManager.exe /UNINSTALL
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
My Way Search Assistant-->rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Oregon Trail(R) 5-->f:\program files\OregonTrail5\uninstall.exe
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK-->MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PowerDVD 5.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prevx-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y
PrintMaster 12-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A304FDE-F4E3-446D-AA0D-31425C897B71}\setup.exe" -l0x9 anything
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Reader Rabbit Math Ages 4-6-->C:\Program Files\The Learning Company\Reader Rabbit Math Ages 4-6\uninstal.exe
Reader Rabbit Reading Ages 4-6-->C:\Program Files\The Learning Company\Reader Rabbit Reading Ages 4-6\uninstal.exe
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Sid Meier's Civilization 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
SimCity 4 Deluxe-->H:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
SKIN0001-->MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
StreamTorrent 1.0-->"g:\Program Files\StreamTorrent 1.0\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
ThreatFire-->"h:\Program Files\ThreatFire\unins000.exe"
Uninstall Dual Mode Camera-->"C:\Program Files\JL2005C\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Xfire (remove only)-->"G:\Program Files\Xfire\uninst.exe"
Your Pet Obedience School-->"g:\Program Files\Your Pet Obedience School\unins000.exe"
Zuma Deluxe 1.0-->C:\Program Files\PopCap Games\Zuma Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Zuma Deluxe\Install.log"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: BitDefender Antivirus

======System event log======

Computer Name: DBRRJT61
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 10811
Source Name: Service Control Manager
Time Written: 20100211190028.000000-480
Event Type: error
User:

Computer Name: DBRRJT61
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 10808
Source Name: Service Control Manager
Time Written: 20100211190028.000000-480
Event Type: error
User:

Computer Name: DBRRJT61
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 10805
Source Name: Service Control Manager
Time Written: 20100211190028.000000-480
Event Type: error
User:

Computer Name: DBRRJT61
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 10802
Source Name: Service Control Manager
Time Written: 20100211190028.000000-480
Event Type: error
User:

Computer Name: DBRRJT61
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 10799
Source Name: Service Control Manager
Time Written: 20100211190028.000000-480
Event Type: error
User:

=====Application event log=====

Computer Name: DBRRJT61
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16674, faulting module flash9f.ocx, version 9.0.124.0, fault address 0x0003da6b.

Record Number: 507
Source Name: Application Error
Time Written: 20080703192620.000000-420
Event Type: error
User:

Computer Name: DBRRJT61
Event Code: 1517
Message: Windows saved user DBRRJT61\Sharie_2 registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 487
Source Name: Userenv
Time Written: 20080701191659.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DBRRJT61
Event Code: 11904
Message: Product: SolutionCenter -- Error 1904. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx failed to register. HRESULT -2147220473. Contact your support personnel.

Record Number: 465
Source Name: MsiInstaller
Time Written: 20080630192856.000000-420
Event Type: error
User: DBRRJT61\Sharie_2

Computer Name: DBRRJT61
Event Code: 1001
Message: Fault bucket 767637487.

Record Number: 452
Source Name: Application Hang
Time Written: 20080630072332.000000-420
Event Type: error
User:

Computer Name: DBRRJT61
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 451
Source Name: Application Hang
Time Written: 20080630072328.000000-420
Event Type: error
User:

=====Security event log=====

Computer Name: DBRRJT61
Event Code: 528
Message: Successful Logon:

User Name: Sharie

Domain: DBRRJT61

Logon ID: (0x0,0x10F6F3CF)

Logon Type: 2

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name: DBRRJT61

Logon GUID: -

Record Number: 57314
Source Name: Security
Time Written: 20100218171545.000000-480
Event Type: audit success
User: DBRRJT61\Sharie

Computer Name: DBRRJT61
Event Code: 680
Message: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon account: Sharie

Source Workstation: DBRRJT61

Error Code: 0x0


Record Number: 57313
Source Name: Security
Time Written: 20100218171545.000000-480
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: DBRRJT61
Event Code: 529
Message: Logon Failure:

Reason: Unknown user name or bad password

User Name: Sharie

Domain: DBRRJT61

Logon Type: 2

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name: DBRRJT61

Record Number: 57312
Source Name: Security
Time Written: 20100218171543.000000-480
Event Type: audit failure
User: NT AUTHORITY\SYSTEM

Computer Name: DBRRJT61
Event Code: 680
Message: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon account: Sharie

Source Workstation: DBRRJT61

Error Code: 0xC000006A


Record Number: 57311
Source Name: Security
Time Written: 20100218171543.000000-480
Event Type: audit failure
User: NT AUTHORITY\SYSTEM

Computer Name: DBRRJT61
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeChangeNotifyPrivilege

Record Number: 57310
Source Name: Security
Time Written: 20100218165017.000000-480
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
jkoviak111
Active Member
 
Posts: 10
Joined: February 14th, 2010, 3:33 pm

Re: Seach Redirect

Unread postby muppy03 » February 22nd, 2010, 5:19 pm

I would like you to try and remove Combofix from your desktop again, I gather the machine has been restarted since your last attempt. If not reboot computer first.

Please re-down load but this time You must rename it before saving it... Rename it: HITMAN.EXE and Save it to your desktop.. If all goes well run the renamed version as per the earlier directions again making sure antivirus and antispyware are disabled.


Please reply with:-
  • Combofix log
  • New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Seach Redirect

Unread postby jkoviak111 » February 22nd, 2010, 8:19 pm

Ok, success. I had to run in safe mode. It's the only way I can access Administrator account. I guess that's what it took.


omboFix 10-02-21.02 - Administrator 02/22/2010 15:54:32.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1764 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\_002938_.tmp.dll
c:\windows\system32\_002939_.tmp.dll
c:\windows\system32\_002940_.tmp.dll
c:\windows\system32\_002941_.tmp.dll
c:\windows\system32\_002948_.tmp.dll
c:\windows\system32\_002949_.tmp.dll
c:\windows\system32\_002950_.tmp.dll
c:\windows\system32\_002951_.tmp.dll
c:\windows\system32\_002953_.tmp.dll
c:\windows\system32\_002954_.tmp.dll
c:\windows\system32\_002957_.tmp.dll
c:\windows\system32\_002958_.tmp.dll
c:\windows\system32\_002960_.tmp.dll
c:\windows\system32\_002961_.tmp.dll
c:\windows\system32\_002962_.tmp.dll
c:\windows\system32\_002964_.tmp.dll
c:\windows\system32\_002967_.tmp.dll
c:\windows\system32\_002968_.tmp.dll
c:\windows\system32\_002972_.tmp.dll
c:\windows\system32\_002973_.tmp.dll
c:\windows\system32\_002975_.tmp.dll
c:\windows\system32\_002978_.tmp.dll
c:\windows\system32\_002980_.tmp.dll
c:\windows\system32\_002981_.tmp.dll
c:\windows\system32\_002982_.tmp.dll
c:\windows\system32\_002983_.tmp.dll
c:\windows\system32\_002984_.tmp.dll
c:\windows\system32\_002987_.tmp.dll
c:\windows\system32\_002988_.tmp.dll
c:\windows\system32\_002989_.tmp.dll
c:\windows\system32\_002990_.tmp.dll
c:\windows\system32\_002991_.tmp.dll
c:\windows\system32\_002996_.tmp.dll
c:\windows\system32\_002998_.tmp.dll
c:\windows\system32\drivers\xaxnynxlvyis.sys
c:\windows\system32\drivers\xsqjbivrbiuh.sys
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_xaxnynxlvyis
-------\Legacy_xsqjbivrbiuh
-------\Service_xaxnynxlvyis
-------\Service_xsqjbivrbiuh


((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-22 23:33 . 2010-02-22 23:33 109528 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-22 23:32 . 2010-02-22 23:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-02-22 23:21 . 2010-02-22 23:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-21 22:36 . 2010-02-21 22:36 -------- d--h--w- c:\windows\PIF
2010-02-21 22:26 . 2010-02-21 22:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-20 16:27 . 2010-02-20 16:27 503808 ----a-w- c:\documents and settings\Sharie_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16fd6ca0-n\msvcp71.dll
2010-02-20 16:27 . 2010-02-20 16:27 348160 ----a-w- c:\documents and settings\Sharie_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16fd6ca0-n\msvcr71.dll
2010-02-20 16:27 . 2010-02-20 16:27 499712 ----a-w- c:\documents and settings\Sharie_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16fd6ca0-n\jmc.dll
2010-02-20 16:27 . 2010-02-20 16:27 61440 ----a-w- c:\documents and settings\Sharie_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-313c5f7a-n\decora-sse.dll
2010-02-20 16:27 . 2010-02-20 16:27 12800 ----a-w- c:\documents and settings\Sharie_2\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-313c5f7a-n\decora-d3d.dll
2010-02-20 15:43 . 2010-02-20 15:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-20 15:28 . 2010-02-22 16:21 -------- d-----w- C:\rsit
2010-02-18 03:12 . 2010-02-18 03:12 503808 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-516e0d39-n\msvcp71.dll
2010-02-18 03:12 . 2010-02-18 03:12 348160 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-516e0d39-n\msvcr71.dll
2010-02-18 03:12 . 2010-02-18 03:12 499712 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-516e0d39-n\jmc.dll
2010-02-18 03:12 . 2010-02-18 03:12 61440 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1dbaab05-n\decora-sse.dll
2010-02-18 03:12 . 2010-02-18 03:12 12800 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1dbaab05-n\decora-d3d.dll
2010-02-18 03:11 . 2010-02-18 03:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-18 02:44 . 2010-02-18 02:44 -------- d-----w- c:\documents and settings\Sharie\Local Settings\Application Data\Mozilla
2010-02-14 19:05 . 2010-02-14 19:05 -------- d-----w- c:\program files\Trend Micro
2010-02-14 18:26 . 2010-02-21 17:00 55184 ----a-w- c:\windows\system32\PxSecure(2).dll
2010-02-14 18:26 . 2010-02-14 18:26 55184 ----a-w- c:\windows\system32\PxSecure.dll
2010-02-14 18:26 . 2010-02-14 18:26 47664 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-02-14 18:26 . 2010-02-14 18:26 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-02-14 18:26 . 2010-02-14 18:26 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-02-14 18:26 . 2010-02-14 18:26 -------- d-----w- c:\program files\Prevx
2010-02-14 18:25 . 2010-02-22 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-02-11 05:22 . 2009-08-05 03:44 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-11 05:22 . 2009-08-04 15:13 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-11 05:22 . 2009-08-04 15:13 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-11 05:22 . 2009-08-04 14:20 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-11 05:22 . 2009-08-04 14:20 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-11 05:22 . 2009-08-04 14:20 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-11 05:11 . 2010-01-15 00:08 59664 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2010-02-11 05:11 . 2010-01-15 00:08 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2010-02-11 05:11 . 2010-01-15 00:08 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2010-02-11 05:11 . 2010-02-11 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-11 04:52 . 2010-02-11 04:52 -------- d-----w- c:\documents and settings\Sharie\Local Settings\Application Data\WMTools Downloaded Files
2010-02-11 03:56 . 2010-02-11 03:56 -------- d-----w- c:\documents and settings\Sharie\Pavark
2010-02-11 02:33 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-11 02:33 . 2001-08-18 06:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-11 02:33 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-11 02:33 . 2001-08-18 06:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-11 02:33 . 2001-08-18 06:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-11 02:33 . 2001-08-18 06:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-11 02:33 . 2001-08-17 20:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-11 02:33 . 2004-08-04 05:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-11 02:33 . 2004-08-04 05:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-11 02:33 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-02-11 02:31 . 2004-08-04 05:29 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys
2010-02-11 02:30 . 2001-08-17 21:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-02-11 02:29 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-02-11 02:28 . 2001-08-17 20:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-02-11 02:27 . 2001-08-18 06:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-02-11 02:26 . 2001-08-17 21:53 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2010-02-11 02:25 . 2001-08-17 22:56 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2010-02-11 02:24 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-02-11 02:23 . 2001-08-18 06:36 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll
2010-02-11 02:22 . 2001-08-17 21:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-02-11 02:21 . 2001-08-18 06:36 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-02-11 02:20 . 2001-08-18 06:36 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2010-02-11 02:19 . 2001-08-17 20:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-02-11 02:18 . 2001-08-17 20:50 13664 ----a-w- c:\windows\system32\dllcache\n9i128.sys
2010-02-11 02:18 . 2001-08-17 22:56 35392 ----a-w- c:\windows\system32\dllcache\n9i128.dll
2010-02-11 02:18 . 2001-08-17 20:11 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
2010-02-11 02:18 . 2001-08-17 20:11 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2010-02-11 02:18 . 2001-08-17 21:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2010-02-11 02:18 . 2001-08-18 06:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2010-02-11 02:18 . 2001-08-17 21:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2010-02-11 02:18 . 2001-08-18 06:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-02-11 02:18 . 2001-08-17 21:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2010-02-11 02:18 . 2001-08-17 20:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-02-11 02:18 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-02-11 02:18 . 2001-08-17 21:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-02-11 02:17 . 2001-08-17 22:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-02-11 02:17 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-02-11 02:17 . 2001-08-17 22:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-11 02:17 . 2001-08-17 21:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-02-11 02:17 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-02-11 02:17 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-11 02:17 . 2001-08-17 21:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2010-02-11 02:15 . 2001-08-17 20:12 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2010-02-11 02:14 . 2001-08-18 06:36 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2010-02-11 02:14 . 2001-08-17 21:50 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2010-02-11 02:14 . 2001-08-17 21:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2010-02-11 02:14 . 2001-08-18 06:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2010-02-11 02:14 . 2001-08-17 22:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
2010-02-11 02:14 . 2001-08-18 06:36 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2010-02-11 02:14 . 2001-08-18 06:36 45056 ----a-w- c:\windows\system32\dllcache\icam5com.dll
2010-02-11 02:14 . 2001-08-17 22:06 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-02-11 02:14 . 2001-08-18 06:36 61952 ----a-w- c:\windows\system32\dllcache\icam4ext.dll
2010-02-11 02:14 . 2001-08-18 06:36 91136 ----a-w- c:\windows\system32\dllcache\icam4com.dll
2010-02-11 02:14 . 2001-08-18 06:36 26624 ----a-w- c:\windows\system32\dllcache\icam3ext.dll
2010-02-11 02:14 . 2001-08-17 22:05 141056 ----a-w- c:\windows\system32\dllcache\icam3.sys
2010-02-11 02:14 . 2001-08-17 22:06 38528 ----a-w- c:\windows\system32\dllcache\ibmvcap.sys
2010-02-11 02:13 . 2001-08-17 20:12 109085 ----a-w- c:\windows\system32\dllcache\ibmtrp.sys
2010-02-11 02:13 . 2001-08-17 20:12 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2010-02-11 02:13 . 2001-08-18 06:34 9216 ----a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2010-02-11 02:13 . 2001-08-17 20:11 28700 ----a-w- c:\windows\system32\dllcache\ibmexmp.sys
2010-02-11 02:13 . 2004-08-04 05:29 161020 ----a-w- c:\windows\system32\dllcache\i81xnt5.sys
2010-02-11 02:13 . 2008-04-14 00:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2010-02-11 02:13 . 2001-08-17 20:49 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-02-11 02:13 . 2001-08-17 22:56 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-02-11 02:11 . 2001-08-18 06:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-02-11 02:10 . 2001-08-18 06:36 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2010-02-11 02:09 . 2001-08-17 20:19 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2010-02-11 02:08 . 2001-08-17 20:11 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
2010-02-11 02:07 . 2001-08-18 06:36 37962 ----a-w- c:\windows\system32\dllcache\divaprop.dll
2010-02-11 02:06 . 2001-08-17 20:12 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2010-02-11 02:05 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\dllcache\chgusr.exe
2010-02-11 02:04 . 2001-08-17 21:12 10368 ----a-w- c:\windows\system32\dllcache\brusbscn.sys
2010-02-11 02:03 . 2001-08-17 20:48 281600 ----a-w- c:\windows\system32\dllcache\atimtai.sys
2010-02-11 02:02 . 2001-08-17 22:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-10 02:10 . 2010-02-10 02:10 -------- d-----w- c:\documents and settings\Sharie\Application Data\Uniblue
2010-02-09 05:35 . 2010-02-09 05:35 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-09 04:08 . 2010-02-09 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-02-09 03:06 . 2010-02-09 03:20 -------- d-----w- c:\documents and settings\Sharie\Application Data\ZoomBrowser EX
2010-02-09 02:50 . 2010-02-09 04:06 -------- d-----w- c:\program files\Common Files\Canon
2010-02-08 18:01 . 2010-02-08 18:01 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 23:50 . 2008-07-04 13:24 81984 ----a-w- c:\windows\system32\bdod.bin
2010-02-21 22:25 . 2008-09-01 19:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-21 22:25 . 2008-09-01 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-21 22:08 . 2008-11-17 15:55 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-18 03:12 . 2005-02-15 13:14 -------- d-----w- c:\program files\Common Files\Java
2010-02-18 03:11 . 2005-02-15 13:14 -------- d-----w- c:\program files\Java
2010-02-16 04:04 . 2008-02-24 04:03 -------- d-----w- c:\program files\Kodak
2010-02-14 16:43 . 2008-02-24 01:22 -------- d-----w- c:\program files\Google
2010-02-12 03:25 . 2008-10-11 18:00 -------- d-----w- c:\program files\Hunting Unlimited
2010-02-12 03:17 . 2009-10-06 23:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-12 03:10 . 2005-02-15 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 11:20 . 2009-07-05 17:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 00:49 . 2008-02-27 21:10 109528 ----a-w- c:\documents and settings\Sharie_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-13 04:16 . 2009-12-03 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-01-13 04:15 . 2009-12-03 00:10 -------- d-----w- c:\program files\Viva Media
2010-01-10 04:32 . 2008-02-26 05:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-08 00:07 . 2009-05-23 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2009-05-23 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 01:35 . 2010-01-07 01:35 86704 ----a-w- c:\windows\system32\bda233B.tmp
2009-12-31 16:50 . 2008-11-17 15:55 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 18:16 . 2009-12-27 18:15 5562672 ----a-w- c:\documents and settings\Sharie\Application Data\TVU Networks\AutoUpgrade\TVUPlayer2.4.9.1.exe
2009-12-27 18:15 . 2009-12-27 18:15 -------- d-----w- c:\documents and settings\Sharie\Application Data\TVU Networks
2009-12-27 18:08 . 2009-12-27 18:08 -------- d-----w- c:\program files\Veetle
2009-12-24 02:28 . 2008-02-24 15:50 109528 ----a-w- c:\documents and settings\Sharie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 19:14 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 11:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-11-17 15:55 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2008-11-17 15:55 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 11:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2004-08-04 11:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 11:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 11:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-04 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-12 15:54 . 2010-02-20 15:41 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-09-29 15:39 . 2008-09-29 15:39 952 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAAC503B-6F0F-4F48-8055-289B8A5EF5C0}]
2009-07-24 17:57 1338368 ----a-w- c:\program files\Causes\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5D51B4F2-CC28-4488-9AB3-BE7E40EB3293}"= "c:\program files\Causes\Toolbar.dll" [2009-07-24 1338368]

[HKEY_CLASSES_ROOT\clsid\{5d51b4f2-cc28-4488-9ab3-be7e40eb3293}]
[HKEY_CLASSES_ROOT\FCTB000060459.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{315BC644-F418-4AD0-9E10-339AB9F84EC7}]
[HKEY_CLASSES_ROOT\FCTB000060459.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-12 782336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
backup=c:\windows\pss\APC UPS Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.4.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.4.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sharie^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sharie^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sharie_2^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 12:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 13:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-13 07:05 122939 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 22:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 16:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 02:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 18:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 21:03 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 21:03 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-08-10 05:08 239456 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0205.2\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 21:01 13529088 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 21:01 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 21:01 1630208 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 07:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-10-04 19:16 214536 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-09-11 19:31 2836440 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 21:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire]
2010-01-15 00:08 378128 ----a-w- h:\program files\ThreatFire\TFTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-04 19:16 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\World of Warcraft\\WoW-2.4.0-enUS-downloader.exe"=
"g:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"g:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\Causes\\TroubleShooter.exe"=
"c:\\Program Files\\Causes\\ToolbarUpdate.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"g:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"f:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 pxscan;pxscan;c:\windows\SYSTEM32\DRIVERS\pxscan.sys [2/14/2010 10:26 AM 30280]
R3 pxkbf;pxkbf;c:\windows\SYSTEM32\DRIVERS\pxkbf.sys [2/14/2010 10:26 AM 24368]
S0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [2/10/2010 9:11 PM 51984]
S0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [2/10/2010 9:11 PM 59664]
S2 pxrts;pxrts;c:\windows\SYSTEM32\DRIVERS\pxrts.sys [2/14/2010 10:26 AM 47664]
S2 ThreatFire;ThreatFire;h:\program files\ThreatFire\TFService.exe service --> h:\program files\ThreatFire\TFService.exe service [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [1/20/2009 6:16 PM 172032]
S3 bdfm;BDFM;c:\windows\SYSTEM32\DRIVERS\bdfm.sys [9/18/2008 11:09 AM 111112]
S3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [2/10/2010 9:11 PM 33552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-22 c:\windows\Tasks\User_Feed_Synchronization-{6A21BE33-9984-4500-B7D5-2AAF066A6412}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
FF - ProfilePath - c:\documents and settings\Sharie\Application Data\Mozilla\Firefox\Profiles\72g4q310.default\
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\Sharie\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Advanced SystemCare 3 - g:\program files\IObit\Advanced SystemCare 3\AWC.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-Zuma Deluxe 1.0 - c:\program files\PopCap Games\Zuma Deluxe\PopUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 16:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\COMRes.dll

- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-02-22 16:02:54
ComboFix-quarantined-files.txt 2010-02-23 00:02

Pre-Run: 5,714,165,760 bytes free
Post-Run: 5,673,164,800 bytes free

- - End Of File - - 515040972768E8339294301ABCDE1A9D



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:44 PM, on 2/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
h:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {969F6D55-0B76-4956-8F31-2A995769E43C} - C:\Program Files\Causes\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FCTBPos00Pos - {AAAC503B-6F0F-4F48-8055-289B8A5EF5C0} - C:\Program Files\Causes\Toolbar.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Causes - {5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - C:\Program Files\Causes\Toolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; msn OptimizedIE8;ENUS)" -"http://www.myhuntinggames.com/bear-hunting-games.html"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ThreatFire - PC Tools - h:\Program Files\ThreatFire\TFService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O24 - Desktop Component 0: (no name) - http://c1.neweggimages.com/WebResource/ ... 7.03.07.js

--
End of file - 9268 bytes
jkoviak111
Active Member
 
Posts: 10
Joined: February 14th, 2010, 3:33 pm

Re: Seach Redirect

Unread postby muppy03 » February 23rd, 2010, 6:09 am

Please update me on issues after doing the following!

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

StreamTorrent 1.0


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.

While in add/remove programs also uninstall the following:-

    My Way Search Assistant
    Viewpoint Media Player

You also have Prevx and Threatfire on board. Are you happy with both of these?

I would recommend uninstalling Prevx at the very least if it is the free version. Threatfire is also not needed. I notice it is installed on H drive?

Also you appear to have both 2008 and 2009 BitDefender Antivirus showing in your uninstall list?

Once the above is done please continue with the following and run Combofix script in normal mode.

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    c:\windows\system32\bdod.bin
    c:\windows\system32\bda233B.tmp
    c:\windows\system32\msfeedssync.exe
     
    Folder::
    c:\program files\Spybot - Search & Destroy
    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    
    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
    
    [-HKLM\~\startupfolder\C:^Documents and Settings^Sharie^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
     
    
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with:-
  • Combofix log
  • New HJT log
  • Update on how things are running
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Seach Redirect

Unread postby jkoviak111 » February 23rd, 2010, 11:48 pm

Alright, I uninstalled Stream Torrent...didn't know it was P2P or I would have done it earlier.

Uninstalled viewpoint media.

My way search assistant wouldn't uninstall

I uninstalled Prevyx and Threatfire...I was just trying to get rid of my problems.

If Bit Defender was uninstalled I'm not sure why...maybe installation problems. It's my AV...paid. Is there a better you'd recommend?...my subscription is coming up.

Everything seems to be running well.


crosoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1536 [GMT -8:00]
Running from: c:\documents and settings\Sharie_2\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sharie_2\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FILE ::
"c:\windows\system32\bda233B.tmp"
"c:\windows\system32\bdod.bin"
"c:\windows\system32\msfeedssync.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Backups\regLocal.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Backups\regUsers.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Configuration.ini
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\Bots.sbe
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\Cookies.sbe
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\FileExt.sbe
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\Links.sbe
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\Single.sbe
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\SystemInternals.sbe
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Excludes\WaitFor.sbe
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Immunization.ini
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.080901-1229.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.080901-1246.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081017-2025.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081017-2043.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081208-1058.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081208-1121.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081208-1155.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081208-1241.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081208-1246.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081208-1246.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081213-1728.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.081213-1752.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.091006-1937.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.091006-1957.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.091226-1003.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.091226-1019.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100208-2151.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100217-1723.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.100217-1752.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.080901-1248.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.081018-0804.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.081208-1141.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.081213-1827.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.091006-2009.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.091226-1642.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.100217-1830.txt
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\SDHelper.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Update downloads.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSSAgent3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityInternetExplorer.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\aports.dll
c:\program files\Spybot - Search & Destroy\blindman.exe
c:\program files\Spybot - Search & Destroy\Default configuration.ini
c:\program files\Spybot - Search & Destroy\DelZip179.dll
c:\program files\Spybot - Search & Destroy\Dummies\dummy.cd_clint.dll
c:\program files\Spybot - Search & Destroy\EBJIAFNIIYD.scr
c:\program files\Spybot - Search & Destroy\GEADSWLYGHMHBALHMO.scr
c:\program files\Spybot - Search & Destroy\Includes\Targets.nfo
c:\program files\Spybot - Search & Destroy\Languages\English.sbl
c:\program files\Spybot - Search & Destroy\LIIMWGMFOEPAXDY.scr
c:\program files\Spybot - Search & Destroy\LKHZWU.scr
c:\program files\Spybot - Search & Destroy\OCNUPSVNVRDRHXILN.scr
c:\program files\Spybot - Search & Destroy\OptOut.ini
c:\program files\Spybot - Search & Destroy\Plugins\Chai.dll
c:\program files\Spybot - Search & Destroy\Plugins\Fennel.dll
c:\program files\Spybot - Search & Destroy\Plugins\Mate.dll
c:\program files\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
c:\program files\Spybot - Search & Destroy\RJULLKPYGEPQYON.scr
c:\program files\Spybot - Search & Destroy\SDFiles.exe
c:\program files\Spybot - Search & Destroy\SDHelper.dll
c:\program files\Spybot - Search & Destroy\SDMain.exe
c:\program files\Spybot - Search & Destroy\SDShred.exe
c:\program files\Spybot - Search & Destroy\SDUpdate.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Spybot - Search & Destroy\Skins\Colorblind.ini
c:\program files\Spybot - Search & Destroy\Skins\Italia.ini
c:\program files\Spybot - Search & Destroy\Skins\Peace.ini
c:\program files\Spybot - Search & Destroy\SpybotSD.exe
c:\program files\Spybot - Search & Destroy\sqlite3.dll
c:\program files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\Spybot - Search & Destroy\Tools.dll
c:\program files\Spybot - Search & Destroy\unins000.exe
c:\program files\Spybot - Search & Destroy\Update.exe
c:\program files\Spybot - Search & Destroy\Updates\advcheck162.exe
c:\program files\Spybot - Search & Destroy\Updates\advcheck164.exe
c:\program files\Spybot - Search & Destroy\Updates\advcheck165.exe
c:\program files\Spybot - Search & Destroy\Updates\downloaded.ini
c:\program files\Spybot - Search & Destroy\Updates\online.ini
c:\program files\Spybot - Search & Destroy\Updates\sbsd162upd.exe
c:\program files\Spybot - Search & Destroy\Updates\sdhelper161.exe
c:\program files\Spybot - Search & Destroy\Updates\teatimer161.exe
c:\program files\Spybot - Search & Destroy\Updates\teatimer162.exe
c:\program files\Spybot - Search & Destroy\Updates\teatimer166.exe
c:\program files\Spybot - Search & Destroy\Updates\tools216.exe
c:\program files\Spybot - Search & Destroy\UWCNNISH.scr
c:\windows\system32\bda233B.tmp
c:\windows\system32\bdod.bin

.
((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-24 03:15 . 2010-02-24 03:15 109528 ----a-w- c:\documents and settings\Sharie_2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-24 02:44 . 2010-02-24 02:44 -------- d-sh--w- c:\documents and settings\Sharie_2\IECompatCache
2010-02-24 02:44 . 2010-02-24 02:44 -------- d-sh--w- c:\documents and settings\Sharie_2\PrivacIE
2010-02-24 02:30 . 2010-02-24 02:30 -------- d-----w- c:\documents and settings\Sharie_2\Local Settings\Application Data\Mozilla
2010-02-23 05:15 . 2010-02-23 05:15 -------- d-----w- c:\documents and settings\Sharie\Local Settings\Application Data\Mozilla
2010-02-23 03:53 . 2010-02-23 04:04 -------- d-----w- c:\documents and settings\Sharie_2\Local Settings\Application Data\Adobe
2010-02-23 03:37 . 2010-02-23 03:37 -------- d-----w- c:\documents and settings\Sharie_2\Local Settings\Application Data\BVRP Software
2010-02-23 03:35 . 2010-02-23 03:35 -------- d-----w- c:\documents and settings\Sharie_2\Application Data\BitDefender
2010-02-23 03:34 . 2010-02-23 03:34 -------- d-sh--w- c:\documents and settings\Sharie_2\IETldCache
2010-02-23 00:03 . 2010-02-23 00:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-02-22 23:33 . 2010-02-22 23:33 109528 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-22 23:32 . 2010-02-22 23:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BVRP Software
2010-02-22 23:21 . 2010-02-22 23:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-21 22:36 . 2010-02-21 22:36 -------- d--h--w- c:\windows\PIF
2010-02-21 22:26 . 2010-02-21 22:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-20 16:27 . 2010-02-20 16:27 503808 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16fd6ca0-n\msvcp71.dll
2010-02-20 16:27 . 2010-02-20 16:27 348160 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16fd6ca0-n\msvcr71.dll
2010-02-20 16:27 . 2010-02-20 16:27 499712 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16fd6ca0-n\jmc.dll
2010-02-20 16:27 . 2010-02-20 16:27 61440 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-313c5f7a-n\decora-sse.dll
2010-02-20 16:27 . 2010-02-20 16:27 12800 ----a-w- c:\documents and settings\Sharie\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-313c5f7a-n\decora-d3d.dll
2010-02-20 15:43 . 2010-02-20 15:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-20 15:28 . 2010-02-22 16:21 -------- d-----w- C:\rsit
2010-02-18 03:11 . 2010-02-18 03:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-14 19:05 . 2010-02-14 19:05 -------- d-----w- c:\program files\Trend Micro
2010-02-14 18:26 . 2010-02-21 17:00 55184 ----a-w- c:\windows\system32\PxSecure(2).dll
2010-02-11 05:22 . 2009-08-05 03:44 2189184 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-11 05:22 . 2009-08-04 15:13 2145280 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-11 05:22 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-11 05:22 . 2009-08-04 14:20 2023936 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-11 05:22 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-11 05:22 . 2009-08-04 14:20 2066048 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-11 02:33 . 2008-04-14 00:12 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-11 02:33 . 2001-08-18 06:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-11 02:33 . 2008-04-14 00:12 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-11 02:33 . 2001-08-18 06:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-11 02:33 . 2001-08-18 06:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-11 02:33 . 2001-08-18 06:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-11 02:33 . 2001-08-17 20:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-11 02:33 . 2004-08-04 05:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-11 02:33 . 2004-08-04 05:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-11 02:33 . 2008-04-14 00:12 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-02-11 02:31 . 2004-08-04 05:29 11775 ----a-w- c:\windows\system32\dllcache\wadv05nt.sys
2010-02-11 02:30 . 2001-08-17 21:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-02-11 02:29 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-02-11 02:28 . 2001-08-17 20:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-02-11 02:27 . 2001-08-18 06:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-02-11 02:26 . 2001-08-17 21:53 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2010-02-11 02:25 . 2001-08-17 22:56 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2010-02-11 02:24 . 2001-08-17 21:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-02-11 02:23 . 2001-08-18 06:36 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll
2010-02-11 02:22 . 2001-08-17 21:28 714762 ----a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2010-02-11 02:21 . 2001-08-18 06:36 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-02-11 02:20 . 2001-08-18 06:36 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2010-02-11 02:19 . 2001-08-17 20:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-02-11 02:18 . 2001-08-17 20:50 13664 ----a-w- c:\windows\system32\dllcache\n9i128.sys
2010-02-11 02:18 . 2001-08-17 22:56 35392 ----a-w- c:\windows\system32\dllcache\n9i128.dll
2010-02-11 02:18 . 2001-08-17 20:11 128000 ----a-w- c:\windows\system32\dllcache\n100325.sys
2010-02-11 02:18 . 2001-08-17 20:11 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2010-02-11 02:18 . 2001-08-17 21:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys
2010-02-11 02:18 . 2001-08-18 06:36 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2010-02-11 02:18 . 2001-08-17 21:49 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2010-02-11 02:18 . 2001-08-18 06:36 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-02-11 02:18 . 2001-08-17 21:50 21888 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2010-02-11 02:18 . 2001-08-17 20:50 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-02-11 02:18 . 2008-04-13 18:46 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-02-11 02:18 . 2001-08-17 21:48 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-02-11 02:17 . 2001-08-17 22:00 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-02-11 02:17 . 2008-04-13 18:54 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-02-11 02:17 . 2001-08-17 22:02 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-11 02:17 . 2001-08-17 21:48 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-02-11 02:17 . 2008-04-13 18:46 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-02-11 02:17 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-11 02:17 . 2001-08-17 21:52 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2010-02-11 02:15 . 2001-08-17 20:12 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2010-02-11 02:14 . 2001-08-18 06:36 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2010-02-11 02:14 . 2001-08-17 21:50 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2010-02-11 02:14 . 2001-08-17 21:47 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2010-02-11 02:14 . 2001-08-18 06:36 372824 ----a-w- c:\windows\system32\dllcache\iconf32.dll
2010-02-11 02:14 . 2001-08-17 22:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
2010-02-11 02:14 . 2001-08-18 06:36 20480 ----a-w- c:\windows\system32\dllcache\icam5ext.dll
2010-02-11 02:14 . 2001-08-18 06:36 45056 ----a-w- c:\windows\system32\dllcache\icam5com.dll
2010-02-11 02:14 . 2001-08-17 22:06 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2010-02-11 02:14 . 2001-08-18 06:36 61952 ----a-w- c:\windows\system32\dllcache\icam4ext.dll
2010-02-11 02:14 . 2001-08-18 06:36 91136 ----a-w- c:\windows\system32\dllcache\icam4com.dll
2010-02-11 02:14 . 2001-08-18 06:36 26624 ----a-w- c:\windows\system32\dllcache\icam3ext.dll
2010-02-11 02:14 . 2001-08-17 22:05 141056 ----a-w- c:\windows\system32\dllcache\icam3.sys
2010-02-11 02:14 . 2001-08-17 22:06 38528 ----a-w- c:\windows\system32\dllcache\ibmvcap.sys
2010-02-11 02:13 . 2001-08-17 20:12 109085 ----a-w- c:\windows\system32\dllcache\ibmtrp.sys
2010-02-11 02:13 . 2001-08-17 20:12 100936 ----a-w- c:\windows\system32\dllcache\ibmtok.sys
2010-02-11 02:13 . 2001-08-18 06:34 9216 ----a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2010-02-11 02:13 . 2001-08-17 20:11 28700 ----a-w- c:\windows\system32\dllcache\ibmexmp.sys
2010-02-11 02:13 . 2004-08-04 05:29 161020 ----a-w- c:\windows\system32\dllcache\i81xnt5.sys
2010-02-11 02:13 . 2008-04-14 00:11 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2010-02-11 02:13 . 2001-08-17 20:49 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-02-11 02:13 . 2001-08-17 22:56 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-02-11 02:11 . 2001-08-18 06:36 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-02-11 02:10 . 2001-08-18 06:36 92160 ----a-w- c:\windows\system32\dllcache\fuusd.dll
2010-02-11 02:09 . 2001-08-17 20:19 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2010-02-11 02:08 . 2001-08-17 20:11 153631 ----a-w- c:\windows\system32\dllcache\el90xnd5.sys
2010-02-11 02:07 . 2001-08-18 06:36 37962 ----a-w- c:\windows\system32\dllcache\divaprop.dll
2010-02-11 02:06 . 2001-08-17 20:12 117760 ----a-w- c:\windows\system32\dllcache\d100ib5.sys
2010-02-11 02:05 . 2004-08-04 11:00 14336 ----a-w- c:\windows\system32\dllcache\chgusr.exe
2010-02-11 02:04 . 2001-08-17 21:12 10368 ----a-w- c:\windows\system32\dllcache\brusbscn.sys
2010-02-11 02:03 . 2001-08-17 20:48 281600 ----a-w- c:\windows\system32\dllcache\atimtai.sys
2010-02-11 02:02 . 2001-08-17 22:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-09 05:35 . 2010-02-09 05:35 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-09 04:08 . 2010-02-09 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-02-09 02:50 . 2010-02-09 04:06 -------- d-----w- c:\program files\Common Files\Canon
2010-02-08 18:01 . 2010-02-08 18:01 664 ----a-w- c:\windows\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 01:21 . 2009-12-03 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2010-02-23 03:34 . 2008-04-10 03:37 -------- d-----w- c:\program files\Web Publish
2010-02-21 22:08 . 2008-11-17 15:55 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-18 03:12 . 2005-02-15 13:14 -------- d-----w- c:\program files\Common Files\Java
2010-02-18 03:11 . 2005-02-15 13:14 -------- d-----w- c:\program files\Java
2010-02-16 04:04 . 2008-02-24 04:03 -------- d-----w- c:\program files\Kodak
2010-02-14 16:43 . 2008-02-24 01:22 -------- d-----w- c:\program files\Google
2010-02-12 03:25 . 2008-10-11 18:00 -------- d-----w- c:\program files\Hunting Unlimited
2010-02-12 03:17 . 2009-10-06 23:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-12 03:10 . 2005-02-15 13:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 11:20 . 2009-07-05 17:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 00:49 . 2008-02-27 21:10 109528 ----a-w- c:\documents and settings\Sharie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-13 04:15 . 2009-12-03 00:10 -------- d-----w- c:\program files\Viva Media
2010-01-10 04:32 . 2008-02-26 05:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-08 00:07 . 2009-05-23 02:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2009-05-23 02:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2008-11-17 15:55 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-27 18:08 . 2009-12-27 18:08 -------- d-----w- c:\program files\Veetle
2009-12-21 19:14 . 2004-08-04 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 11:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-11-17 15:55 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2008-11-17 15:55 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 11:00 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11 . 2004-08-04 11:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07 . 2004-08-04 11:00 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 11:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2004-08-04 11:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 11:00 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07 . 2004-08-04 11:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-12 15:54 . 2010-02-20 15:41 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-09-29 15:39 . 2008-09-29 15:39 952 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-23_00.00.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-24 02:58 . 2010-02-24 02:58 16384 c:\windows\temp\Perflib_Perfdata_7c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{969F6D55-0B76-4956-8F31-2A995769E43C}"= "c:\program files\Causes\Helper.dll" [2009-07-24 201216]

[HKEY_CLASSES_ROOT\clsid\{969f6d55-0b76-4956-8f31-2a995769e43c}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{F8015C24-C4F2-4B61-98A3-8AF4B7BEEE13}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AAAC503B-6F0F-4F48-8055-289B8A5EF5C0}]
2009-07-24 17:57 1338368 ----a-w- c:\program files\Causes\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5D51B4F2-CC28-4488-9AB3-BE7E40EB3293}"= "c:\program files\Causes\Toolbar.dll" [2009-07-24 1338368]

[HKEY_CLASSES_ROOT\clsid\{5d51b4f2-cc28-4488-9ab3-be7e40eb3293}]
[HKEY_CLASSES_ROOT\FCTB000060459.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{315BC644-F418-4AD0-9E10-339AB9F84EC7}]
[HKEY_CLASSES_ROOT\FCTB000060459.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5D51B4F2-CC28-4488-9AB3-BE7E40EB3293}"= "c:\program files\Causes\Toolbar.dll" [2009-07-24 1338368]

[HKEY_CLASSES_ROOT\clsid\{5d51b4f2-cc28-4488-9ab3-be7e40eb3293}]
[HKEY_CLASSES_ROOT\FCTB000060459.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{315BC644-F418-4AD0-9E10-339AB9F84EC7}]
[HKEY_CLASSES_ROOT\FCTB000060459.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-12 782336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
backup=c:\windows\pss\APC UPS Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
backup=c:\windows\pss\Event Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.4.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
backup=c:\windows\pss\ImageMixer 3 SE Camera Monitor Ver.4.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sharie^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sharie_2^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 12:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2004-07-19 13:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-08-13 07:05 122939 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 22:54 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 04:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 16:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 16:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 16:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 02:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 18:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 21:03 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 21:03 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-08-10 05:08 239456 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0205.2\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-16 21:01 13529088 ----a-w- c:\windows\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-16 21:01 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-16 21:01 1630208 ----a-w- c:\windows\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 02:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 07:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2009-10-04 19:16 214536 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-09-11 19:31 2836440 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 21:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 23:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-04 19:16 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"g:\\World of Warcraft\\WoW-2.4.0-enUS-downloader.exe"=
"g:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"g:\\Program Files\\EA Games\\Command and Conquer Generals\\patchget.dat"=
"c:\\Program Files\\Causes\\TroubleShooter.exe"=
"c:\\Program Files\\Causes\\ToolbarUpdate.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"f:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 bdfm;BDFM;c:\windows\SYSTEM32\DRIVERS\bdfm.sys [9/18/2008 11:09 AM 111112]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [1/20/2009 6:16 PM 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\User_Feed_Synchronization-{6A21BE33-9984-4500-B7D5-2AAF066A6412}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
FF - ProfilePath - c:\documents and settings\Sharie_2\Application Data\Mozilla\Firefox\Profiles\rqrblvkv.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ThreatFire - h:\program files\ThreatFire\TFTray.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\program files\Spybot - Search & Destroy\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 19:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-23 19:32:11
ComboFix-quarantined-files.txt 2010-02-24 03:32
ComboFix2.txt 2010-02-23 00:02

Pre-Run: 3,017,441,280 bytes free
Post-Run: 2,999,889,920 bytes free

- - End Of File - - 3B2940A280A0282F6919A8D4C6AC4C13


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:15 PM, on 2/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\mswinext.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {969F6D55-0B76-4956-8F31-2A995769E43C} - C:\Program Files\Causes\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FCTBPos00Pos - {AAAC503B-6F0F-4F48-8055-289B8A5EF5C0} - C:\Program Files\Causes\Toolbar.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Causes - {5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - C:\Program Files\Causes\Toolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0205.2\npwinext.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8327 bytes
jkoviak111
Active Member
 
Posts: 10
Joined: February 14th, 2010, 3:33 pm

Re: Seach Redirect

Unread postby muppy03 » February 24th, 2010, 5:09 am

Bit Defender is fine, was just asking about the 2 versions showing. :)

Everything seems to be running well.

Excellent, any issues at all?

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)


Once selected close all windows except HJT an click on Fix Checked

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.
  • Go to Java Site
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
    Code: Select all
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
     
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply

Please reply with:-
  • Kaspersky log
  • New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Seach Redirect

Unread postby jkoviak111 » February 25th, 2010, 8:42 am

No issues.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, February 25, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, February 25, 2010 03:44:34
Records in database: 3643383
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 130557
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:11:02

No threats found. Scanned area is clean.

Selected area has been scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:02 AM, on 2/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
F:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {969F6D55-0B76-4956-8F31-2A995769E43C} - C:\Program Files\Causes\Helper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FCTBPos00Pos - {AAAC503B-6F0F-4F48-8055-289B8A5EF5C0} - C:\Program Files\Causes\Toolbar.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Causes - {5D51B4F2-CC28-4488-9AB3-BE7E40EB3293} - C:\Program Files\Causes\Toolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\npwinext.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1384.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.34.14/ttinst.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8123 bytes
jkoviak111
Active Member
 
Posts: 10
Joined: February 14th, 2010, 3:33 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 56 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware