Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Bot infection, multiple viruses

Re: Bot infection, multiple viruses

by ihisatsu » August 21st, 2010, 9:24 pm

OTL.txt

OTL logfile created on: 8/21/2010 6:58:58 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Adam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.59 Gb Total Space | 77.47 Gb Free Space | 34.65% Space Free | Partition Type: NTFS
Drive D: | 9.29 Gb Total Space | 1.23 Gb Free Space | 13.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.89 Gb Total Space | 1.39 Gb Free Space | 73.90% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.28 Gb Total Space | 785.87 Gb Free Space | 84.39% Space Free | Partition Type: FAT32

Computer Name: ADAM-PC
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Adam\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\Plugins\AntiMalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Webroot\Security\Current\Plugins\AntiMalware\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Stardock\MyColors\WBVista.exe ()
PRC - C:\Program Files\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Kodak\Printer\Center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)


========== Modules (SafeList) ==========

MOD - C:\Users\Adam\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Stardock\MyColors\wblind.dll (Stardock Corporation)
MOD - C:\Program Files\Stardock\MyColors\wbhelp.dll (Stardock.Net, Inc)
MOD - C:\Windows\System32\wbload.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (GameConsoleService) -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Program Files\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe ()
SRV - (RUBotted) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe (Trend Micro Inc.)
SRV - (KodakSvc) -- C:\Program Files\Kodak\printer\center\KodakSvc.exe (Eastman Kodak Company)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (Rocket Division Software)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\EDA5.tmp File not found
DRV - (mcdbus) -- C:\Windows\System32\DRIVERS\mcdbus.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Adam\AppData\Local\Temp\catchme.sys File not found
DRV - (mouclass) -- C:\Windows\System32\drivers\mouclass.sys ()
DRV - (ssidrv) -- C:\Windows\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfmonm) -- C:\Windows\System32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd) -- C:\Windows\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (vncmirror) -- C:\Windows\System32\drivers\vncmirror.sys (RealVNC Ltd.)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (TMPassthruMP) -- C:\Windows\System32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (TMPassthru) -- C:\Windows\System32\drivers\TMPassthru.sys (Trend Micro Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc)
DRV - (Alpham1) -- C:\Windows\System32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (motport) -- C:\Windows\System32\drivers\motport.sys (Motorola)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (elagopro) -- C:\Windows\System32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\Windows\System32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (Alpham2) -- C:\Windows\System32\drivers\Alpham2.sys (Ideazon Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 00000000 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}:4.0.6
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/26 12:50:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\flashcatch@flashcatch.com: C:\Program Files\FlashCatch\firefox [2009/10/17 13:26:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/01/04 18:43:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 18:20:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 18:20:42 | 000,000,000 | ---D | M]

[2010/07/27 18:21:25 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
[2010/07/27 18:21:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/11 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/14 13:33:35 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\o02pp7t1.default\extensions
[2010/07/28 20:27:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\o02pp7t1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/10 11:42:38 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\o02pp7t1.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2010/07/27 18:20:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/27 18:20:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/07/22 20:07:09 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/22 20:07:10 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/07/22 20:07:11 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/07/22 17:41:04 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/07/22 17:41:04 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/07/22 17:41:04 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/07/22 17:41:04 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/07/22 17:41:04 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/22 17:41:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/07/22 17:41:04 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/08/18 21:03:37 | 000,001,339 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKCU\..\Toolbar\WebBrowser: (FlashCatch) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - C:\Program Files\FlashCatch\flashcatch.dll (Level 9 Technology, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe ()
O4 - HKLM..\Run: [MyGarminAgent] C:\Program Files\Garmin\MyGarminAgent.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [Google Update] C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [RunSpySweeperScheduleAtStartup] C:\Windows\System32\msfeedssync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe File not found
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE File not found
O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab (TPIR Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab (CDownloadCtrl Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/fa ... lyfeud.cab (FamilyFeud Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GO333C~1\GoogleDesktopNetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll (Stardock)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Adam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Adam\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (y Packages settings...) - File not found
O30 - LSA: Security Packages - (ystem32\msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/20 01:22:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/06 17:34:36 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mp42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/21 18:55:04 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2010/08/20 15:25:39 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\temp
[2010/08/20 14:58:03 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/08/20 14:57:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/18 21:21:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/18 21:04:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/08/16 21:29:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/16 21:29:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/16 21:29:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/16 21:28:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/16 21:22:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/16 14:24:40 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\Malware Removal assist
[2010/08/15 13:24:14 | 000,000,000 | ---D | C] -- C:\rsit
[2010/07/31 15:55:21 | 015,821,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imageres.dll
[2010/07/31 15:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}
[2010/07/29 21:12:54 | 000,000,000 | ---D | C] -- C:\AdobeTemp
[2010/07/29 12:17:17 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\VS Revo Group
[2010/07/29 12:17:08 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2010/07/29 12:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/07/28 17:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/07/27 18:21:07 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\Mozilla
[2010/07/27 13:36:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/07/27 13:05:00 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\TMPassthru.sys
[2010/07/27 13:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/26 23:08:37 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes
[2010/07/26 23:08:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/26 23:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/26 23:08:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/26 23:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/26 21:29:47 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\TDSSKiller.exe
[2010/07/25 11:45:34 | 000,045,072 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\System32\drivers\ssfmonm.sys
[2010/07/25 11:36:04 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
[2010/07/25 11:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\webroot
[2008/11/29 23:02:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Adam\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/08/21 19:01:56 | 005,505,024 | -HS- | M] () -- C:\Users\Adam\ntuser.dat
[2010/08/21 19:01:54 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BF955419-3C2E-4DC3-86C2-CE8E1953218C}.job
[2010/08/21 19:01:17 | 000,766,976 | ---- | M] () -- C:\Windows\System32\drivers\jcbggfvh.sys
[2010/08/21 18:59:08 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000UA.job
[2010/08/21 18:35:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
[2010/08/21 18:10:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/21 17:27:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/21 17:27:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/21 16:59:10 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000Core.job
[2010/08/21 15:43:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/21 00:10:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/20 23:46:02 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Kodak AiO Scheduled Maintenance.job
[2010/08/20 18:42:05 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdam.job
[2010/08/20 18:25:29 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/20 18:25:03 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/20 15:27:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/20 15:27:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/20 15:27:09 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 18:53:02 | 000,524,288 | -HS- | M] () -- C:\Users\Adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/19 18:53:02 | 000,065,536 | -HS- | M] () -- C:\Users\Adam\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/19 18:49:14 | 003,104,629 | -H-- | M] () -- C:\Users\Adam\AppData\Local\IconCache.db
[2010/08/19 18:25:29 | 000,000,382 | ---- | M] () -- C:\Users\Adam\Desktop\Local Area Connection - Shortcut.lnk
[2010/08/18 21:05:46 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/17 10:47:58 | 003,818,412 | R--- | M] () -- C:\Users\Adam\Desktop\ComboFix.exe
[2010/08/16 21:04:58 | 002,360,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/15 13:26:24 | 000,763,574 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/15 13:26:24 | 000,645,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/15 13:26:24 | 000,120,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/13 19:10:33 | 000,118,064 | ---- | M] () -- C:\Users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/12 13:29:47 | 000,000,174 | ---- | M] () -- C:\Windows\win.ini
[2010/08/09 18:49:53 | 000,002,481 | ---- | M] () -- C:\Users\Adam\Desktop\HiJackThis.lnk
[2010/07/29 12:17:09 | 000,000,951 | ---- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2010/07/29 12:17:09 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/07/27 18:20:53 | 000,001,714 | ---- | M] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/27 18:20:53 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/27 13:12:47 | 000,000,036 | ---- | M] () -- C:\Users\Adam\AppData\Local\housecall.guid.cache
[2010/07/27 01:21:42 | 000,003,104 | ---- | M] () -- C:\Users\Adam\Documents\cc_20100727_012138.reg
[2010/07/26 23:08:24 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/26 21:45:33 | 000,034,360 | ---- | M] () -- C:\Windows\System32\drivers\mouclass.sys
[2010/07/26 19:14:06 | 000,002,400 | ---- | M] () -- C:\Users\Adam\Documents\cc_20100726_191402.reg
[2010/07/26 12:40:21 | 000,002,708 | ---- | M] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2010/07/25 17:11:30 | 000,210,264 | ---- | M] () -- C:\Users\Adam\Documents\cc_20100725_171117.reg
[2010/07/25 11:36:10 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk

========== Files Created - No Company Name ==========

[2010/08/19 18:25:29 | 000,000,382 | ---- | C] () -- C:\Users\Adam\Desktop\Local Area Connection - Shortcut.lnk
[2010/08/18 21:02:41 | 2145,832,960 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/16 22:07:15 | 000,002,433 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/08/16 22:07:15 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2010/08/16 22:07:15 | 000,001,077 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/08/16 22:07:15 | 000,000,764 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2010/08/16 21:29:12 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/16 21:29:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/16 21:29:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/16 21:29:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/16 21:29:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/16 18:57:07 | 003,818,412 | R--- | C] () -- C:\Users\Adam\Desktop\ComboFix.exe
[2010/08/15 13:29:41 | 000,293,376 | ---- | C] () -- C:\Users\Adam\Desktop\gmer.exe
[2010/07/29 12:17:09 | 000,000,951 | ---- | C] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2010/07/29 12:17:09 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/07/27 18:20:53 | 000,001,714 | ---- | C] () -- C:\Users\Adam\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/27 18:20:53 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/07/27 13:12:47 | 000,000,036 | ---- | C] () -- C:\Users\Adam\AppData\Local\housecall.guid.cache
[2010/07/27 13:03:57 | 000,002,481 | ---- | C] () -- C:\Users\Adam\Desktop\HiJackThis.lnk
[2010/07/27 01:21:41 | 000,003,104 | ---- | C] () -- C:\Users\Adam\Documents\cc_20100727_012138.reg
[2010/07/26 23:08:24 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/26 19:14:04 | 000,002,400 | ---- | C] () -- C:\Users\Adam\Documents\cc_20100726_191402.reg
[2010/07/25 17:11:20 | 000,210,264 | ---- | C] () -- C:\Users\Adam\Documents\cc_20100725_171117.reg
[2010/07/25 11:45:35 | 000,028,176 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll
[2010/07/25 11:45:35 | 000,015,224 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe
[2010/07/25 11:36:10 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/07/22 12:00:54 | 000,766,976 | ---- | C] () -- C:\Windows\System32\drivers\jcbggfvh.sys
[2010/06/20 18:33:14 | 000,000,991 | ---- | C] () -- C:\Windows\EFXP.ini
[2010/06/19 22:18:14 | 000,000,982 | ---- | C] () -- C:\Windows\EF.ini
[2010/06/07 18:44:52 | 000,000,092 | ---- | C] () -- C:\Users\Adam\AppData\Local\fusioncache.dat
[2010/05/30 10:52:16 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/05/30 10:47:05 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/03 18:35:16 | 000,000,270 | ---- | C] () -- C:\Windows\SStylerPro.ini
[2009/09/10 17:50:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/24 22:04:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/09 09:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009/01/20 17:00:41 | 000,000,385 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/01/19 15:52:32 | 000,000,366 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\wklnhst.dat
[2009/01/18 18:47:46 | 000,870,128 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\mcs.rma
[2009/01/18 18:47:46 | 000,000,004 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\1EBE0A
[2009/01/05 11:14:46 | 000,000,110 | ---- | C] () -- C:\Windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
[2008/12/07 01:04:17 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/11/29 23:02:44 | 000,000,033 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.log
[2008/11/29 23:02:19 | 000,087,608 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\ezpinst.exe
[2008/11/29 23:02:19 | 000,007,824 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.cat
[2008/11/29 23:02:19 | 000,001,144 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\pcouffin.inf
[2008/11/28 00:52:08 | 000,237,568 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 00:40:11 | 000,012,800 | ---- | C] () -- C:\Windows\System32\EKDeviceServices.dll
[2008/11/27 20:27:37 | 000,131,160 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\UserTile.png
[2008/11/27 20:08:07 | 000,002,708 | ---- | C] () -- C:\Users\Adam\AppData\Local\d3d9caps.dat
[2008/11/24 21:36:38 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/11/24 21:36:36 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/11/24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/11/06 10:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 10:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 10:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 10:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/03/20 01:13:03 | 000,000,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/03/20 01:02:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/03/20 01:02:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008/01/20 20:23:20 | 000,034,360 | ---- | C] () -- C:\Windows\System32\drivers\mouclass.sys
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/15 12:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005/07/15 12:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll

========== LOP Check ==========

[2009/02/23 21:23:34 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Alloysoft
[2009/02/12 17:05:01 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Amaranth Games
[2008/12/18 19:58:41 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Anonymizer
[2009/02/18 14:56:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Ashtons. Family Resort
[2009/09/21 19:21:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Babylonia
[2009/02/04 16:52:49 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\BeachPartyCraze
[2009/01/23 13:48:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\blg
[2010/02/28 17:04:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Boomzap
[2009/06/16 21:08:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DonationCoder
[2009/01/25 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\GameInvest
[2010/03/21 16:53:47 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\GARMIN
[2009/02/11 15:40:06 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/01/06 20:50:02 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Gogii Games
[2009/12/13 20:28:33 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Ideazon
[2008/12/18 12:33:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn
[2009/11/22 22:52:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\IObit
[2009/02/11 10:27:26 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Jane s Hotel Family Hero
[2008/11/27 20:14:44 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Leadertech
[2009/01/26 22:50:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Ludia
[2009/10/22 23:47:58 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Maxthon2
[2009/02/22 22:45:25 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Meda MP3 Joiner 1.2
[2010/06/13 22:42:55 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Mind Control Software
[2009/09/08 00:21:48 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MobMapUpdater
[2008/11/29 22:00:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\muvee Technologies
[2009/10/22 20:43:59 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\MxBoost
[2010/07/26 19:20:01 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\NCH Swift Sound
[2009/02/21 13:27:45 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Oberon Games
[2010/05/17 22:10:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenOffice.org
[2010/02/28 14:01:23 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PlayFirst
[2008/11/29 13:46:31 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Pogo Games
[2010/07/27 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Red Kawa
[2010/07/10 19:08:55 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\RiffTrax
[2009/11/07 11:07:27 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\runic games
[2010/05/29 16:34:05 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Skinux
[2010/04/11 16:09:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Stardock
[2009/01/19 15:52:37 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Template
[2010/03/05 08:30:40 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TreeCardGames
[2010/06/07 18:45:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Turbine
[2009/01/01 19:20:10 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Valusoft
[2008/11/30 01:58:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Video DVD Maker FREE
[2009/02/16 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ViquaSoft
[2008/11/30 00:37:07 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Vso
[2008/11/28 01:47:55 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\WildTangent
[2008/11/28 21:36:29 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\WinBatch
[2010/03/28 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\XWindows Dock
[2010/01/21 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\yess
[2009/02/18 15:52:41 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Youdagames
[2010/08/19 19:05:25 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/21 19:01:54 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BF955419-3C2E-4DC3-86C2-CE8E1953218C}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/03/20 01:22:49 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/06/20 16:01:23 | 062,574,570 | ---- | M] () -- C:\backup.dpb
[2009/01/20 22:55:08 | 058,813,169 | ---- | M] () -- C:\backup.dpb.bak
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/03/20 01:53:35 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/08/18 21:24:37 | 000,025,095 | ---- | M] () -- C:\combofix1.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/02/10 00:38:14 | 000,009,908 | ---- | M] () -- C:\coreuninstall.log
[2010/05/29 16:30:11 | 000,000,045 | ---- | M] () -- C:\error.log
[2001/09/05 22:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2010/08/20 15:27:09 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/10 00:56:45 | 000,000,164 | ---- | M] () -- C:\install.dat
[2008/11/30 11:58:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/27 20:11:26 | 000,219,168 | ---- | M] () -- C:\khalinstall.log
[2008/11/30 11:58:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/22 09:43:04 | 000,000,023 | ---- | M] () -- C:\nxsystem.cfg
[2010/08/20 15:27:07 | 2459,705,344 | -HS- | M] () -- C:\pagefile.sys
[2009/02/01 20:26:01 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG1
[2009/02/01 20:26:01 | 000,000,000 | -H-- | M] () -- C:\ProgramData.LOG2
[2008/11/29 01:47:50 | 000,000,574 | ---- | M] () -- C:\RHDSetup.log
[2009/02/21 03:47:32 | 000,000,000 | ---- | M] () -- C:\snatch_log.txt
[2010/07/26 21:42:32 | 000,063,584 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_26.07.2010_21.39.05_log.txt
[2010/07/26 22:12:23 | 000,061,848 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_26.07.2010_22.09.37_log.txt
[2010/07/27 18:03:40 | 000,124,704 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_27.07.2010_13.34.54_log.txt
[2010/07/28 17:34:40 | 000,062,328 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_28.07.2010_17.33.56_log.txt
[2010/07/28 17:39:48 | 000,063,006 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_28.07.2010_17.38.50_log.txt
[2008/11/29 01:49:44 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log
[2010/07/22 12:00:48 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/13 09:20:35 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2009/07/31 14:58:00 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2010/07/19 09:52:26 | 000,028,176 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\wrLZMA.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 21:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 21:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 21:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 00:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 20:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 03:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-29 18:35:02

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:19C3BC3A
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:6BD304B9
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:7F4DB476
@Alternate Data Stream - 500 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:D4D3884D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:A636021B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:C43BFB01
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5F1019FF
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:35A81752
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D8DB81DC
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E5294695
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:1D9ED8F7
< End of report >
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 21st, 2010, 9:25 pm

Extras.txt


OTL Extras logfile created on: 8/21/2010 6:58:58 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Adam\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.59 Gb Total Space | 77.47 Gb Free Space | 34.65% Space Free | Partition Type: NTFS
Drive D: | 9.29 Gb Total Space | 1.23 Gb Free Space | 13.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.89 Gb Total Space | 1.39 Gb Free Space | 73.90% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.28 Gb Total Space | 785.87 Gb Free Space | 84.39% Space Free | Partition Type: FAT32

Computer Name: ADAM-PC
Current User Name: Adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B0F959C-AEF5-4FFF-A940-0130C74FEBA2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14568509-2267-4615-9422-393DE80FF223}" = lport=138 | protocol=17 | dir=in | app=system |
"{22FB66F5-6C14-4F56-97F8-A5D97ADB9894}" = rport=445 | protocol=6 | dir=out | app=system |
"{2A6232CF-8470-4278-BFF1-238DD5F9BECB}" = lport=445 | protocol=6 | dir=in | app=system |
"{2EE07C29-5D39-4063-99D8-A91B707C511C}" = lport=137 | protocol=17 | dir=in | app=system |
"{3357A057-5D27-4104-AAEC-E32F754F9225}" = lport=6886 | protocol=6 | dir=in | name=blizzard downloader |
"{3CFE84F5-262E-4287-B7A8-19EE1472CA98}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C7EADE4-0561-4BAA-844A-43555941D8ED}" = lport=6889 | protocol=6 | dir=in | name=blizzard downloader |
"{4E3CA08B-4868-4C87-9BFC-E3BA7FC1C2DB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{560A39C6-9367-4C87-881B-46F1F49138A9}" = rport=139 | protocol=6 | dir=out | app=system |
"{5E15DEC4-2FDC-4CDA-9C83-158891261110}" = rport=137 | protocol=17 | dir=out | app=system |
"{60730689-7EEC-4FEB-94C8-43C178C2154A}" = lport=6882 | protocol=6 | dir=in | name=blizzard downloader |
"{6C398A80-0039-4FC0-9C98-4D9CA168B9B6}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader |
"{7A0C95D8-3D53-4C22-BDF1-CBA578A50F92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80865D9B-2E5B-4EAD-853C-F6C29305CE9A}" = lport=6888 | protocol=6 | dir=in | name=blizzard downloader |
"{81EF40A3-3956-4DF8-9FD5-C31A4D18CE78}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86934FE8-B9F7-48F2-91CF-85B15704E200}" = lport=6887 | protocol=6 | dir=in | name=blizzard downloader |
"{87A9688E-DAD2-4112-A6FE-EDCED3B37E72}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92169A55-0B9F-47FB-9886-C7899A21F7F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{95F7ACA8-1479-439D-9828-871674F55E7C}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{9A993BC9-FA0A-4EE8-8D7F-828BADAAAB90}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A068FA88-614F-4EDC-A812-35E8C20DFFCF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A2653055-3AA9-4E5E-B728-25DD0D445F71}" = lport=8080 | protocol=6 | dir=in | name=vlc media player |
"{A3DEE191-4FCE-4BF8-A166-CAB7E47C89EB}" = rport=138 | protocol=17 | dir=out | app=system |
"{ADCB463A-4E31-42F2-BA0F-0727C7CE190D}" = lport=6885 | protocol=6 | dir=in | name=blizzard downloader |
"{BF365F05-22FE-4F16-B06E-1BC474D63326}" = lport=6884 | protocol=6 | dir=in | name=blizzard downloader |
"{C044590B-24A2-4D80-B3C5-F0D82997A607}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C4864EED-7918-43C5-B9C8-DB3866AF7E61}" = lport=41525 | protocol=6 | dir=in | name=utor1 |
"{D0981FE2-C98D-48F9-8EBA-F3C7FDE3B775}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader |
"{E52B9D0B-E82E-46B1-86A3-9FD95FE8E3B4}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{E73610ED-983F-489E-9743-5C0209D0C2B6}" = lport=139 | protocol=6 | dir=in | app=system |
"{E7F62604-67DC-4C6E-BC17-70359BA59746}" = lport=6890 | protocol=6 | dir=in | name=blizzard downloader |
"{ECFF8D3D-CBF8-4EB2-9B60-21305A5E3ACA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F3BAFA92-4DB3-4BA8-AE72-C92ACEF8CC42}" = lport=6883 | protocol=6 | dir=in | name=blizzard downloader |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B68394-6D26-4CA1-ADF1-A7A377DAEC17}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{02055229-8259-4F3F-B796-FD4E92C48C5E}" = protocol=17 | dir=in | app=c:\program files\sightspeed\sightspeed.exe |
"{028873B0-245D-4625-A5D4-6DC2660962B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{02BBD860-61AF-4767-B8BF-6D4A8B904A13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04B2E2EC-29C8-405C-959F-D497A464E975}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-enus-win-final-downloader.exe |
"{05593316-BEDA-487F-8350-6BC12AD3FFEE}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{05EFC512-FE74-4EA3-9F88-CADE8E56F5D4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{060B066E-4E5A-459D-9259-BAB771AB89E9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{06905946-AB80-420B-85D0-5C6793361370}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{079BA40A-BC22-4C94-960B-C35E3BC2AE5D}" = protocol=17 | dir=in | app=c:\ut2004\system\ut2004.exe |
"{09240517-C5D0-4FF6-88C5-AA9C474F6B53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0A8F7342-5316-47A4-8CB8-6D6574D4E53C}" = protocol=6 | dir=in | app=c:\ut2004\system\ut2004.exe |
"{141F248F-EE03-46DC-80F7-A30781C62063}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{1ABDF049-62CD-450E-8D2E-78738A6237A9}" = protocol=6 | dir=out | app=system |
"{1AD6F6A6-4195-44D9-8925-6400DEF7C7F2}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{1D726BC8-8CD7-4DA4-82FE-F58539BC92AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1FF82E21-F412-44A2-88A8-C4B2F222A979}" = protocol=6 | dir=in | app=c:\users\adam\appdata\roaming\maxthon2\maxthon.exe |
"{237A28D8-1E69-4210-B14B-EB65C4045128}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{244C4382-AF0A-4F2B-977D-39AAF81E8D8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27C53C11-F376-4998-A356-5846A3666DF8}" = protocol=6 | dir=in | app=c:\program files\7-zip\7zfm.exe |
"{2815A066-E7C6-448D-8C12-1701AD490793}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2889F607-E7B6-4F63-B26F-7AE9E2801D35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C6877CC-F265-4F52-8B60-479DD685C8A7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{2C6DC0FD-4F74-4821-8AEA-9BA977F90F67}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{2F4DB37F-A56A-46B7-A6AF-98FD3E9A4A8B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3045640E-0F90-4504-93DF-F9F683C5863A}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3061146F-CA63-4568-8A0E-DF61BA837E2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3135557E-6026-49B2-B720-CCC09D1A2E74}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3451AF84-2123-442C-8457-1DEE7D1330A4}" = protocol=17 | dir=in | app=c:\users\adam\appdata\roaming\maxthon2\maxthon.exe |
"{39D64AF6-74E3-4D6D-A56C-3C7642E930F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A96D6C6-ADBA-46D8-A2D9-BB36BC7A9CD3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3D175AA6-DAB3-4BBB-8F47-52FFD5A6D60B}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{3D29B4D4-2A7F-4AF6-A3B9-1CD8D6213192}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{3DA622BD-B5C6-4806-AD8F-5D7456CCC392}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{406656EF-2E65-4AAC-B557-323D224029D6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4304DF5F-25AE-4EF9-8960-673BD6519516}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-enus-downloader.exe |
"{460DBE94-63B5-49E5-A763-53031C0B3939}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{47DA494D-4EEB-41A7-A90B-CBA10BE6551B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{47DA5FD9-7508-4499-A448-A5CFA1DCAF5E}" = protocol=17 | dir=in | app=c:\program files\7-zip\7zfm.exe |
"{483C8886-EE7D-4C96-BD96-0F9B5BF90FE3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C2248A5-02A5-4000-A4A5-BC249C8F3F72}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{4DC8CADB-CDF2-4D45-A28E-9AD65CC36FEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F6B0B0A-5C23-4175-9AB9-97CBEF3E05FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4F6B8E22-ABAB-4249-A209-2A8E3F9C574B}" = protocol=17 | dir=in | app=c:\users\adam\desktop\utorrent-1.8.2.upx.exe |
"{54BA1E3D-FFAB-4F45-AE6D-82D51D68F400}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{54F39E1B-0CEF-47D7-8885-BD31CCC28F8B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{550860ED-0068-4771-9970-2A4A0BDF8AD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{571749D6-B159-4147-9BFA-24B552CCCB70}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{5729CD29-7082-463A-930B-84B1E10D9FA8}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{574BAE36-9801-4158-8677-933C4DA529BF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{59F90B00-9126-4435-95D6-6337DD514F88}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{5CFB2BB8-EE17-4DD4-BDDB-9FF8202D24A3}" = protocol=6 | dir=in | app=c:\program files\thoosje vista tweaker\vista tweaker.exe |
"{5FF09291-B3F9-4E47-A470-052A41ECDD38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61D718FD-1571-42CC-948D-C8B578CE8EE9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{663AFC6E-E6F7-4FBA-9121-FAF7C2654F68}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66D981F5-EE27-4895-9E77-5E6FADEC71DE}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{67860565-6DAE-43E8-8852-DFE5CA529E19}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{682700DB-399D-4ED5-A405-27AA5FC74E76}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{683F44B6-E4EC-483A-93C5-D7419BF1351E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{68AA5A87-9CE3-4B98-AFB3-94B095247F78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69446069-D0D6-4F20-9A70-567C2DD49377}" = protocol=6 | dir=in | app=c:\program files\sightspeed\sightspeed.exe |
"{6F088557-BDEF-42A5-A73A-DD97EAD5B79C}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{709A4C6C-570A-4565-9BBD-76D4F190363D}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{71B3F649-AA1D-42D7-AA77-9F601EA22939}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{72DFD863-00FC-40B9-BCEB-48631F585405}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C981873-4542-464C-B620-ECFCF82F9F0D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"{7DFFD475-705D-4934-B397-9DA8032B8370}" = protocol=6 | dir=in | app=c:\users\adam\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{8940ECDB-AC26-4C9D-A885-45403423C613}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8DF4C73B-461E-4D56-BAF5-DFC1895D2ACB}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{8E6A6F79-5E51-4F09-887E-A9042B29457C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FBC2FEC-0C5C-4312-9345-7518B4B819E7}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{9105AAA5-8738-4CB7-9188-FDA6F4F4C7A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{920E2543-134C-48F3-824E-8330EAFF5563}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9280B25B-05B6-4922-B1C9-F6C600140B0B}" = protocol=6 | dir=in | app=c:\users\adam\desktop\utorrent-1.8.2.upx.exe |
"{93392191-0C59-4326-B1C9-C39E12AE4F32}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"{93787E1E-634E-43E4-AA0F-7033ACCA8AC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93FDBA53-B604-4A7C-880C-35B7C6B816B6}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{95DCC472-01E1-4F02-987B-93C185C7C754}" = protocol=17 | dir=in | app=c:\users\adam\appdata\local\temp\wzse0.tmp\symnrt.exe |
"{970B6B84-FBBB-47D1-B485-1F39D91D2F4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98E1522C-DA62-49FC-AA65-2A9081AEF0EB}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{99BC6EE4-7F4E-4E72-9101-E5BD9EC65BC0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A05E12EA-BFB4-44A7-B003-EAA71E82CF15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A08364A4-862D-46A8-9E05-51FE9CE0CFBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A088FA4A-D91C-4F59-87EC-A77EC1CCD36F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A22C2384-B20C-4982-BA26-D8171C313250}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A8520991-F67D-4B6E-A95E-13550576E842}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-enus-win-final-downloader.exe |
"{A91E3F74-ACB0-482E-B09A-028208E0C7AF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A940BE3C-8631-4FA5-AC2F-ADB0F335A6B2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-enus-downloader.exe |
"{AC725311-B567-4D11-8935-0FCDB331E76B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD8DBEEF-0FE2-4558-95AA-EDD7D21E5A90}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B051FC4D-7EF9-42BC-B8CE-B2287AF03B51}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-enus-downloader.exe |
"{B14E97C5-B5CB-413F-8CCD-2B82BAD59BDC}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B2C6B9CB-C6C1-42E3-AB59-9115FE48CDF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B3700F01-44F7-4F33-A37B-633C1654667F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC2AA8A6-5D8A-496B-AF81-8AF94CFB5653}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{BDF69AF1-513F-4ED8-A6A5-133302DAB530}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C0DD8129-F291-4730-9055-AE4E1CE4CD45}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C6988E3B-4B5E-4781-91B0-54ECFD59D5CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C8236922-A1BC-4BDA-8D6F-3C5F08D9C1BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CAA65A9F-CE26-4077-8753-0A503E65F6A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CEA999E8-A195-4568-91E7-363A0620C0C0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{CF71A959-D46C-4FEA-AF8F-28866B894B2C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D27CC267-DAEB-4BD3-9430-DF3E2D343BE1}" = protocol=17 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"{D38C90DF-DAF9-4D77-8702-264856180F31}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{D63CE307-B41F-455A-982F-185C734F13F9}" = protocol=17 | dir=in | app=c:\program files\thoosje vista tweaker\vista tweaker.exe |
"{D8195EB6-72A2-4F79-A037-2DE27E57971C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-enus-downloader.exe |
"{D95CD9A6-C9D5-4CDE-953F-2F45704BC7B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0AFBED5-D2E4-48A0-8C73-BEFFE1EF2EEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E6576B95-FDEC-46F2-B909-FFB079054E76}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{EC9E4BC6-29D7-4EE8-837B-E0301CE03EDF}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{ED801470-8577-4156-A6F0-5F975A78F1B1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EDD4E0E0-F6C1-44CF-A9CF-F79B49A32198}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{F0F6F746-43B9-4276-BFF7-310BE6F03C42}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{F1060764-71A3-4620-8D6C-6C5072C21BC9}" = protocol=6 | dir=in | app=c:\program files\realvnc\vnc4\winvnc4.exe |
"{F33F558A-59A5-4861-87F1-F1F46D085C58}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F3CB635F-8E9D-43B9-B7E0-53917CB399E4}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-enus-downloader.exe |
"TCP Query User{082AA8CF-002D-4BD5-9988-D15E3621F2C9}C:\program files\raven\star trek voyager elite force\stvoyhm.exe" = protocol=6 | dir=in | app=c:\program files\raven\star trek voyager elite force\stvoyhm.exe |
"TCP Query User{10206D30-2EC8-4C92-A54C-2C910B612AFB}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{28BC7871-76A4-4D90-8146-15D38F66E4D4}C:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.exe |
"TCP Query User{2D41985C-286A-4170-9AF3-7911561ECDFA}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{2F2AE769-D26B-4C8C-B03D-8FCC48F42BF9}C:\program files\unreal tournament 3\binaries\ut3.exe" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"TCP Query User{32F2FA97-406C-4B4A-95A9-F8ABD266A9F9}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{41621115-5880-4662-B271-4EA88EB29886}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{43FD9C99-4D90-449C-95D3-F2D92245666C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{4C02A55A-1252-4B4A-8596-4A0ADDDB7F13}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{4F1C624B-FDAB-44A9-A8EC-16A3061D9285}C:\program files\java\jre6\launch4j-tmp\stanza.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\stanza.exe |
"TCP Query User{541528BD-0656-4C48-925B-61486A803080}C:\program files\snatch_server\winsnatch.exe" = protocol=6 | dir=in | app=c:\program files\snatch_server\winsnatch.exe |
"TCP Query User{66AA0D70-86C8-4499-898F-5DD7978241E4}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{6A705F7E-B179-4A27-ACF0-2FDA334841A0}C:\program files\signal\signal.exe" = protocol=6 | dir=in | app=c:\program files\signal\signal.exe |
"TCP Query User{7DA8B2BC-7EBF-44A8-B637-C97CEA2EF73D}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"TCP Query User{82D7124F-CCFF-471C-8592-6FCC9CD8CC07}C:\program files\microsoft games\mechwarrior vengeance trial\mw4.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\mechwarrior vengeance trial\mw4.exe |
"TCP Query User{8D33C598-2D42-40E2-BB12-639A144AE14A}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"TCP Query User{91A1E1B5-9D76-4A67-9A28-440E2BF7F79D}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{975C4457-2AA9-4CD6-8D5F-1C75869C5FEC}C:\users\adam\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe" = protocol=6 | dir=in | app=c:\users\adam\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe |
"TCP Query User{994C83B0-7BD5-4DCF-A92C-6BD0995144E9}C:\program files\graboid\graboidvideo\1.5.0.0\graboidclient.exe" = protocol=6 | dir=in | app=c:\program files\graboid\graboidvideo\1.5.0.0\graboidclient.exe |
"TCP Query User{D70C429B-6E28-48E9-A807-1AD1939F8C90}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{D9244F13-E53E-4BBC-8A04-C8D4F41E5A5D}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{EE1A470B-1C6A-4E3A-81E7-DE87F808CCA9}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{09C5E5D4-E474-4802-B2B2-BFD39CAFE841}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{0B0CF250-A490-4480-9C67-C6570828B270}C:\program files\microsoft games\mechwarrior vengeance trial\mw4.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\mechwarrior vengeance trial\mw4.exe |
"UDP Query User{0DA9B476-3D07-4E44-A1EF-7E7B65CC4D46}C:\program files\graboid\graboidvideo\1.5.0.0\graboidclient.exe" = protocol=17 | dir=in | app=c:\program files\graboid\graboidvideo\1.5.0.0\graboidclient.exe |
"UDP Query User{16F64BE7-E099-470E-875D-46BE0A190BE3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{1A5D2D9C-8A5D-454C-84B0-3193D54AD0CD}C:\program files\snatch_server\winsnatch.exe" = protocol=17 | dir=in | app=c:\program files\snatch_server\winsnatch.exe |
"UDP Query User{1B98634F-00E5-4EC8-A12E-4CDFE9471B8E}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2905281A-A2B0-4EF8-8196-DC75074D5DD1}C:\program files\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{379B8EDA-0146-4159-8C27-7CA249CBC3BC}C:\program files\java\jre6\launch4j-tmp\stanza.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\stanza.exe |
"UDP Query User{3D1D5367-7FBE-4574-9C36-0D37E77A93B4}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{428073A6-CFD9-4753-8F88-19E6537498CE}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{4DD72F9E-DF9F-4D6B-96C5-19B9B470C9BF}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{5FE1647B-6BF9-4424-83B3-245E1662D8DA}C:\program files\signal\signal.exe" = protocol=17 | dir=in | app=c:\program files\signal\signal.exe |
"UDP Query User{62835FB0-FC85-4569-973A-09C98919085B}C:\program files\raven\star trek voyager elite force\stvoyhm.exe" = protocol=17 | dir=in | app=c:\program files\raven\star trek voyager elite force\stvoyhm.exe |
"UDP Query User{659AC5D5-D4F3-4A0E-B19F-D1298DA694E1}C:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.exe |
"UDP Query User{736E7C08-8F97-4333-8086-5496B0E650A3}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"UDP Query User{75EE0B2D-F5D7-41D7-A820-DD319FD393AD}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{76B7D874-C85B-4413-BE8A-599ADAC9CFD8}C:\program files\unreal tournament 3\binaries\ut3.exe" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3\binaries\ut3.exe |
"UDP Query User{7F2380B3-1015-4E37-A7BE-B48EF16777F8}C:\users\adam\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe" = protocol=17 | dir=in | app=c:\users\adam\appdata\roaming\maxthon2\modules\mxdownloader\mxdownloadserver.exe |
"UDP Query User{8D914A0C-7AEC-4AC5-B611-86E692B53007}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |
"UDP Query User{BEA9C428-A5DD-4BA8-904F-4474D65A7990}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{E15CFE44-C215-446D-81EA-6B8262693AD8}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{E909C302-BF33-4184-8734-B186D3FAD49A}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0996C331-6DCB-4E38-A3EC-0A77ABAE1361}" = Help_CTR
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1E2C3040-1331-4561-BAED-3A4A5E645D61}" = VLC iPhone Connection Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A97D5B3-A989-47E1-B207-1CA9E3635655}" = aioprnt
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BED0238-3A25-41AE-BC23-316914B5B048}" = aioocr
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E5528BD-5079-4B7C-802C-80F9623F9846}" = RecipeMaster
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}" = Z Engine
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.2.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1681F-ADE1-461F-9F18-B7640507D395}" = ksdip
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{791E3D44-33D3-4446-82AD-5CD4B0169083}" = aiofw
"{79E41D91-BA1C-44B9-9358-48E598263ECF}" = center
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C84E006-D044-4441-A294-E318B147476C}" = VLC iPhone Connection Utility
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{843081BD-351F-46FC-8A17-517A0D9117A3}" = helptut
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D809E65-2088-4367-A169-D6DDDA78D6C6}" = Garmin Communicator Plugin with myGarmin Agent
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A0AB2980-1FDD-4b6c-940C-FC87C84F05B7}_is1" = FlashCatch
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A1EFAC47-885A-4E74-AAA4-8B56B71B706A}" = Garmin City Navigator North America NT 2010.40
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C0251585-1BE8-4278-B3CB-964B6E01C59D}" = aioscnnr
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF055C57-A988-42E6-BDAF-E3D94C6973A8}" = LeapFrog Connect
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA2B455A-B0BE-4C5A-B73A-0615F37C81D5}" = Beowulf TM
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DC626A21-EDF1-40C7-8F2F-D2BA7535529F}" = helpug
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E1521F97-FDA4-460A-8A51-0F512552E42A}" = LeapFrog Didj Plugin
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"7-Zip" = 7-Zip 4.61 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AviSynth" = AviSynth 2.5
"BFGC" = Big Fish Games: Game Manager
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Download Manager" = Download Manager 2.3.7
"DVDAlbum_is1" = DVD Album 1.2.1
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0044)
"ExpressBurn" = Express Burn
"FBReader for Windows XP" = FBReader for Windows XP
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"ImgBurn" = ImgBurn
"Impulse" = Impulse
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectDock Plus" = ObjectDock Plus
"ObjectDock Plus 2" = ObjectDock Plus 2
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"PFConfig" = PFConfig 1.0.163
"Picasa 3" = Picasa 3
"Rhapsody" = Rhapsody
"Runic Games Torchlight" = Torchlight
"Signal" = Signal
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"ST6UNST #1" = Hero Editor V0.96
"Stanza" = Stanza
"Star Trek Voyager Elite Force" = Star Trek Voyager Elite Force
"Stardock MyColors" = Stardock MyColors
"SystemRequirementsLab" = System Requirements Lab
"UPCShell" = LeapFrog Connect
"UT2004" = Unreal Tournament 2004
"VLC Connection Utility_is1" = VLC Connection Utility 2.01
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WavePad" = WavePad Sound Editor
"Webroot Software" = Webroot Software
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"WTA-bc1a0225-a3b1-4000-aefd-f021a80d6601" = Barnyard Invasion

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"LastPass" = LastPass (uninstall only)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 22nd, 2010, 7:21 am

Hi
My apologies again for the delay.... my work has been very busy.

A couple of things I'd like to check:
View Hidden Files & Folders Windows Vista
To view Hidden Files & Folders do the following:
Click Start
Open Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK

Upload Files for Scanning
Go to VirusTotal & upload the following File/s for scanning.
  • Click Browse
  • Copy & paste the following File & Path in the text box next to File name: then click Open
    c:\windows\System32\wininit.exe
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply
Kaspersky Online Scan
Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it
Go to Kaspersky website and perform an online antivirus scan
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply
Pictured tutorial if required.
This scan will take quite some time to update & scan, so be patient with it.
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 22nd, 2010, 1:18 pm

ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 22nd, 2010, 1:33 pm

Attempting to Run the Kaspersky Online scan results in errors such as:

0 [ERROR: Logical error during update download]

and

Please establish an uninterrupted internet connection

Whatever virus/bot is infesting my PC is causing my internet to stutter/disconnect/interrupt, and it is being hijacked, so online scans are very tricky for me at this time.
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 23rd, 2010, 1:21 am

OK

Leave the Kaspersky scan. You have a relatively new infection & information is still filtering through on it. It infects critical system files such as the wininit.exe file I had you upload. It usually infects another. From the information I have seen that is usually explorer.exe.

Upload Files for Scanning
Go to VirusTotal & upload the following File/s for scanning.
  • Click Browse
  • Copy & paste the following File & Path in the text box next to File name: then click Open
    C:\Windows\explorer.exe
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply
Also do you have a Vista installation DVD?
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 23rd, 2010, 1:22 pm

http://www.virustotal.com/file-scan/rep ... 1282583926

No, Vista was pre-installed on this Walmart purchase; a CD is not included. I do have a burned startup repair disk from an image file that I had to use recently to recover from a BSOD.
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 23rd, 2010, 7:47 pm

Hi

We need to replace the wininit file in the recovery environment, so please do the following:

First open an elevated command prompt > Click Start then type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window & select paste:
copy c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe c:\

Then press Enter

You should see 1 file copied on the screen

Type exit to close the command window.

If you do not see 1 file copied do not continue, instead post back & let me know.

Now we need to boot into the Recovery Environment:

Tap F8 on startup & select Repair your computer from the list of startup options.

If Repair your computer is not an option on the Advanced Startup menu, insert your Windows Vista dvd & restart the computer, then when prompted, select Repair your computer
  • Select your keyboard layout
  • Enter your username & password (if you use one)
  • Then the System Recovery Options menu comes up
  • Select Command Prompt
It will open to an x:\sources> prompt
(this may vary depending if you boot from cd or an installed RE)

At the X:\sources prompt type the following (taking note of the spaces):

ren C:\Windows\System32\wininit.exe wininit.old then press Enter

copy c:\wininit.exe c:\windows\system32\wininit.exe then press Enter

exit then press Enter

You should receive a message that "1 file" has been copied.

If you do not receive a message that 1 file has been copied, the file will need to be renamed back - type:
ren c:\windows\system32\wininit.old wininit.exe then press Enter
Then type exit, reboot the system normally and report this to me.


Reboot Normally.

Now delete the copy of ComboFix you have & download it again:
Link 1
Link 2

Re-run ComboFix & post the log if it produces one. If it doesn't produce a log then look in the C:\Qoobox folder.
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
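The two-step swap described above (stage the WinSxS copy at the drive root, then rename the live file and copy the staged one in from the Recovery Environment, renaming back if the copy fails) as an added Python example; it is not part of the original post or of any tool the thread mentions. It runs the same logic on constructed scratch files in a temporary directory: a clean reference in a fake component-store folder (named after the WinSxS path quoted in the post) and a System32 copy with bytes appended to stand in for the infected file. The SHA-256 it computes is also the value you would look up on VirusTotal before and after the swap. On a real machine the replacement still has to be done offline from the Recovery Environment as the helper describes, because wininit.exe is in use on a running system; the paths in the demo are assumptions for the scratch run, not the locations on the poster's PC.

```python
"""Verify a Windows system binary against its WinSxS component-store copy and
swap it in with a rollback if the copy fails. Added example; file contents and
directory layout below are constructed so it runs offline."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Streamed SHA-256 of a file (the hash VirusTotal reports are keyed on)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_winsxs_copies(winsxs_root, component_glob, filename):
    """Every <winsxs>/<component>/<filename> that exists, e.g. for
    component_glob 'x86_microsoft-windows-wininit_*'."""
    root = Path(winsxs_root)
    return sorted(p for p in root.glob(component_glob + "/" + filename) if p.is_file())


def verify_against_winsxs(target, winsxs_root, component_glob):
    """Compare the live file with every store copy of the same name.
    Returns (status, target_hash, {reference_path: hash}) where status is
    'match', 'mismatch' (copies exist, none identical) or 'no-reference'."""
    target = Path(target)
    refs = {str(p): sha256_of(p)
            for p in find_winsxs_copies(winsxs_root, component_glob, target.name)}
    thash = sha256_of(target)
    if not refs:
        return "no-reference", thash, refs
    return ("match" if thash in refs.values() else "mismatch"), thash, refs


def stage_reference_copy(reference, staging_dir):
    """Step 1 of the post: copy the WinSxS file somewhere the Recovery
    Environment can reach (the post uses C:\\), and check the copy is exact."""
    dest = Path(staging_dir) / Path(reference).name
    shutil.copy2(reference, dest)
    if sha256_of(dest) != sha256_of(reference):
        dest.unlink()
        raise IOError("staged copy does not match reference")
    return dest


def replace_with_rollback(target, staged):
    """Step 2 of the post: rename target to .old, copy the staged file in and
    verify its hash; on any failure put the .old copy back so the OS still boots.
    Returns the path of the kept .old backup."""
    target = Path(target)
    backup = target.with_suffix(".old")          # wininit.exe -> wininit.old
    expected = sha256_of(staged)
    os.rename(target, backup)
    try:
        shutil.copy2(staged, target)
        if sha256_of(target) != expected:
            raise IOError("hash mismatch after copy")
    except Exception:
        if target.exists():
            target.unlink()
        os.rename(backup, target)                # the rename-back from the post
        raise
    return backup


def demo():
    """Constructed scenario: clean file in the store, patched copy in System32."""
    tmp = Path(tempfile.mkdtemp())
    clean = b"MZ" + b"\x00" * 510 + b"constructed clean wininit body"
    comp = tmp / "winsxs" / ("x86_microsoft-windows-wininit_31bf3856ad364e35"
                             "_6.0.6001.18000_none_30f2b8cf0450a6a2")
    comp.mkdir(parents=True)
    (comp / "wininit.exe").write_bytes(clean)
    sys32 = tmp / "Windows" / "System32"
    sys32.mkdir(parents=True)
    target = sys32 / "wininit.exe"
    target.write_bytes(clean + b"\x90" * 64)     # appended bytes stand in for the infector
    glob = "x86_microsoft-windows-wininit_*"
    before, _, refs = verify_against_winsxs(target, tmp / "winsxs", glob)
    staged = stage_reference_copy(next(iter(refs)), tmp)   # "drive root" of the scratch tree
    backup = replace_with_rollback(target, staged)
    after, _, _ = verify_against_winsxs(target, tmp / "winsxs", glob)
    result = {"before": before, "after": after, "backup_kept": backup.exists()}
    shutil.rmtree(tmp)
    return result


if __name__ == "__main__":
    print(demo())
```

The check is deliberately a plain hash comparison against the component store rather than a signature check: Vista system binaries such as wininit.exe are catalog-signed, so an embedded-certificate test would report nothing useful, whereas a byte-for-byte mismatch against every WinSxS copy is exactly the symptom a file infector produces. Keep the .old copy until the machine has rebooted cleanly.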

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 24th, 2010, 12:04 am

Done

ComboFix 10-08-23.02 - Adam 08/23/2010 20:16:41.4.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1169 [GMT -6:00]
Running from: F:\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

-- Previous Run --

c:\windows\System32\wininit.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

--------

c:\windows\system32\wininit.exe . . . is infected!!

.
-------\Legacy_JCBGGFVH
-------\Service_jcbggfvh


((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-24 03:59 . 2008-01-21 02:23 96768 ----a-w- c:\windows\system32\wininit.exe
2010-08-24 02:35 . 2010-08-24 03:36 -------- d-----w- c:\users\Adam\AppData\Local\temp
2010-08-24 02:35 . 2010-08-24 02:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-24 02:35 . 2010-08-24 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-24 01:51 . 2008-01-21 02:23 96768 ----a-w- C:\wininit.exe
2010-08-23 09:06 . 2010-08-23 09:06 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-22 17:12 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-22 17:12 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-22 17:12 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-22 17:12 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-22 17:11 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-22 17:11 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-22 17:10 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-22 17:09 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-22 17:09 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-22 17:09 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-15 19:24 . 2010-08-15 19:24 -------- d-----w- C:\rsit
2010-07-31 21:55 . 2006-11-02 09:39 15821312 ----a-w- c:\windows\system32\imageres.dll
2010-07-31 21:49 . 2010-07-31 21:49 -------- dc----w- c:\programdata\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}
2010-07-30 03:12 . 2010-07-30 03:20 -------- d-----w- C:\AdobeTemp
2010-07-29 18:17 . 2010-07-29 18:17 -------- d-----w- c:\users\Adam\AppData\Local\VS Revo Group
2010-07-29 18:17 . 2009-12-30 18:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-07-29 18:17 . 2010-07-29 18:17 -------- d-----w- c:\program files\VS Revo Group
2010-07-28 23:50 . 2010-07-28 23:50 -------- d-----w- c:\program files\Sophos
2010-07-28 00:21 . 2010-07-28 00:21 -------- d-----w- c:\users\Adam\AppData\Local\Mozilla
2010-07-27 19:36 . 2010-07-28 23:39 -------- d-----w- C:\TDSSKiller_Quarantine
2010-07-27 19:05 . 2008-03-02 09:28 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-07-27 19:03 . 2010-07-27 19:04 -------- d-----w- c:\program files\Trend Micro
2010-07-27 05:08 . 2010-07-27 05:08 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2010-07-27 05:08 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 05:08 . 2010-07-27 05:08 -------- d-----w- c:\programdata\Malwarebytes
2010-07-27 05:08 . 2010-07-27 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 05:08 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-25 17:45 . 2010-06-17 20:49 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-07-25 17:36 . 2010-07-25 17:36 -------- dc-h--w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
2010-07-25 17:35 . 2010-07-31 01:23 -------- d-----w- c:\programdata\webroot

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 03:34 . 2010-05-30 16:47 34805 ----a-w- c:\programdata\nvModes.dat
2010-08-24 03:29 . 2010-07-22 18:00 766976 ----a-w- c:\windows\system32\drivers\jcbggfvh.sys
2010-08-23 09:28 . 2008-03-20 07:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-23 09:09 . 2008-03-20 07:26 -------- d-----w- c:\program files\Microsoft Works
2010-08-23 09:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-22 17:13 . 2010-08-22 17:13 -------- d-----w- c:\program files\VirusTotalUploader2
2010-08-22 16:51 . 2008-11-28 01:43 113368 ----a-w- c:\users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-20 20:48 . 2008-12-12 03:50 -------- d-----w- c:\programdata\BVRP Software
2010-08-17 04:18 . 2009-01-05 01:05 -------- d-----w- c:\users\Adam\AppData\Roaming\Skype
2010-08-17 04:17 . 2009-01-05 01:06 -------- d-----w- c:\users\Adam\AppData\Roaming\skypePM
2010-08-13 00:37 . 2009-10-03 20:41 -------- d-----w- c:\program files\Microsoft
2010-08-12 23:17 . 2008-12-08 22:37 -------- d-----w- c:\programdata\Microsoft Help
2010-08-12 23:17 . 2008-12-09 03:30 -------- d-----w- c:\program files\Microsoft.NET
2010-08-12 23:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-08-10 02:09 . 2010-04-11 22:20 -------- d--h--w- c:\programdata\{358E2726-5129-4614-9175-3CAA96153DFA}
2010-08-10 02:09 . 2010-03-29 03:51 -------- d-----w- c:\program files\Common Files\Stardock
2010-07-31 21:50 . 2010-03-29 03:38 -------- d-----w- c:\program files\Stardock
2010-07-30 03:36 . 2008-11-29 21:21 -------- d-----w- c:\program files\EA GAMES
2010-07-30 03:17 . 2008-03-20 07:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-29 00:05 . 2009-01-04 21:24 -------- d-----w- c:\program files\MagicDisc
2010-07-28 23:59 . 2008-12-11 16:55 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-07-28 23:48 . 2009-02-24 07:20 -------- d-----w- c:\program files\Rising Research
2010-07-28 23:48 . 2009-07-16 00:37 -------- d-----w- c:\program files\Audiosurf
2010-07-28 01:40 . 2010-07-06 03:34 -------- d-----w- c:\program files\The Wonderful End of the World
2010-07-28 01:39 . 2009-02-22 02:20 -------- d-----w- c:\users\Adam\AppData\Roaming\Red Kawa
2010-07-28 01:38 . 2008-12-07 22:06 -------- d-----w- c:\program files\Xilisoft
2010-07-27 07:30 . 2010-07-22 18:00 -------- d-----w- c:\programdata\Update
2010-07-27 04:05 . 2008-12-07 03:55 -------- d-----w- c:\program files\Thoosje Vista Tweaker
2010-07-27 04:04 . 2009-01-16 02:14 -------- d-----w- c:\program files\NCH Swift Sound
2010-07-27 04:03 . 2009-06-23 01:42 -------- d-----w- c:\program files\MobMapUpdater
2010-07-27 04:03 . 2009-06-27 22:47 -------- d-----w- c:\program files\Graboid
2010-07-27 03:45 . 2008-01-21 02:23 34360 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-07-27 01:20 . 2009-01-16 02:19 -------- d-----w- c:\programdata\NCH Swift Sound
2010-07-27 01:20 . 2009-01-16 02:19 -------- d-----w- c:\users\Adam\AppData\Roaming\NCH Swift Sound
2010-07-26 18:40 . 2008-11-28 02:08 2708 ----a-w- c:\users\Adam\AppData\Local\d3d9caps.dat
2010-07-25 17:49 . 2009-02-08 22:23 -------- d-----w- c:\program files\Webroot
2010-07-25 17:17 . 2008-11-28 02:38 -------- d-----w- c:\programdata\Google Updater
2010-07-22 03:30 . 2008-11-28 02:38 -------- d-----w- c:\program files\Google
2010-07-12 05:58 . 2008-03-20 07:34 -------- d-----w- c:\programdata\WildTangent
2010-07-12 04:39 . 2008-11-28 07:42 -------- d-----w- c:\program files\WildGames
2010-07-11 01:11 . 2008-12-10 06:24 -------- d-----w- c:\program files\THQ
2010-07-11 01:08 . 2009-01-21 06:18 -------- d-----w- c:\users\Adam\AppData\Roaming\RiffTrax
2010-07-08 05:47 . 2010-07-08 05:47 -------- d-----w- c:\programdata\The Game Equation
2010-07-02 17:23 . 2008-11-28 07:06 -------- d-----w- c:\program files\iTunes
2010-07-02 17:21 . 2010-07-02 17:21 -------- d-----w- c:\program files\iPod
2010-07-02 17:21 . 2008-11-28 07:01 -------- d-----w- c:\program files\Common Files\Apple
2010-07-02 17:07 . 2010-07-02 17:07 -------- d-----w- c:\program files\Bonjour
2010-06-26 06:05 . 2010-08-22 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-22 17:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-22 17:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-22 17:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-17 20:49 . 2009-11-06 19:00 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-06-17 20:49 . 2009-11-06 19:00 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-06-08 00:44 . 2010-06-08 00:44 92 ----a-w- c:\users\Adam\AppData\Local\fusioncache.dat
2010-05-26 17:06 . 2010-06-11 01:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 01:59 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]
"Google Update"="c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-24 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2010-06-26 13312]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-07-31 1626112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-06-17 331776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-23 30192]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2010-07-19 1266336]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13683816]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MRT"="c:\windows\system32\MRT.exe" [2010-08-03 35962312]

c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-3-17 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GO333C~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e7,fc,7b,ce,88,34,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-23 30192]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 13:57]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 02:38]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 02:38]

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-24 18:13]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-24 18:13]

2010-08-21 c:\windows\Tasks\HPCeeScheduleForAdam.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-03-20 19:10]

2010-08-23 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-29 00:57]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{BF955419-3C2E-4DC3-86C2-CE8E1953218C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: {51528C4F-16C1-4022-82DB-286A6F480975} = 205.171.3.65,205.171.2.65
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\o02pp7t1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Adam\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-23 21:34
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000013D31B343F2C0BA298 524288 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\EDA5.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2820)
c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Stardock\MyColors\VistaSrv.exe
c:\program files\Stardock\MyColors\WBVista.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Kodak\printer\center\KodakSvc.exe
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Trend Micro\RUBotted\TMRUBotted.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-08-23 21:50:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-24 03:50
ComboFix2.txt 2010-08-19 03:20

Pre-Run: 85,512,880,128 bytes free
Post-Run: 83,880,275,968 bytes free

- - End Of File - - 20B7AA5ED93BC8655ED4318D63301744
ihisatsu
Regular Member
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 24th, 2010, 1:23 am

Hi
DeFogger
Download DeFogger by jpshortstuff from here & save it to your desktop.
  • Right click DeFogger then choose Run as Administrator to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

Before proceeding, ensure your Webroot Anti-virus & Windows Defender are properly disabled.

Please move ComboFix from your F:\ drive & place it directly onto your desktop.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=52865
Collect::
c:\windows\system32\drivers\jcbggfvh.sys
DDS::
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Rootkit::
c:\windows\TEMP\TMP00000013D31B343F2C0BA298

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running / problems
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
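
The two posts above hold the raw material of a removal session: a ComboFix log (Reg Loading Points, the catchme hidden-file report, Trusted Zone entries, file listings) and the helper's CFScript, which turns specific lines from that log into Collect::, DDS:: and Rootkit:: directives. The Python script below is an added example, not part of this thread and not part of ComboFix; it does by code the triage a helper does by eye. It parses the line shapes that appear in the log above and assembles a CFScript in the same form as the one posted. Everything beyond those line shapes is an assumption made for the example: the random-name heuristic for driver files, the list of "suspect" start-up directories, and the file-listing line for jcbggfvh.sys in the sample (the thread names that driver only in the CFScript, so its date and size are made up). The findings it prints are review items for a person, not verdicts, and the Run-key and Security Center findings are deliberately not turned into script lines because the thread shows no CFScript directive for them.

```python
"""Triage of a ComboFix-style log excerpt plus CFScript assembly.

Added example, not part of the thread or of ComboFix. It recognises the line
shapes in the logs above (file listings, Run keys, Security Center overrides,
Trusted Zone lines, catchme hidden files) and emits only the three CFScript
directives the helper used: Collect::, DDS::, Rootkit::.
"""
import re

VOWELS = set("aeiou")
# Directories a Run entry normally has no business starting from (assumption).
SUSPECT_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\", "\\programdata\\")
RUN_KEY = re.compile(r"^\[HKEY_[^\]]*\\Run\]$", re.I)
SC_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center"
                    r"\\Monitoring\\(?P<product>[^\]]+)\]$", re.I)
RUN_VAL = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[[^\]]*\]$')
LISTING = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
                     r"\s+\S+\s+\S+\s+(?P<path>\S.*)$")
HIDDEN = re.compile(r"^(?P<path>[a-z]:\\.+?)\s+(?P<size>\d+) bytes$", re.I)
TZ = re.compile(r"^Trusted Zone:\s*(?P<host>\S+)$")


def looks_random(filename: str) -> bool:
    """Heuristic, not a rule: an 8-letter lowercase stem with almost no vowels,
    the shape of the driver name the CFScript above collects."""
    stem = filename.rsplit(".", 1)[0]
    if len(stem) != 8 or not (stem.isalpha() and stem.islower()):
        return False
    return sum(c in VOWELS for c in stem) / len(stem) < 0.25


def triage(log: str) -> list[dict]:
    """One pass over the log, tracking the current [registry key] header.
    Returns findings as dicts with 'kind', 'detail' and 'reason'."""
    findings, key = [], None

    def add(kind, detail, reason):
        findings.append({"kind": kind, "detail": detail, "reason": reason})

    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line  # remember which registry key the value lines belong to
        elif (m := RUN_VAL.match(line)) and key and RUN_KEY.match(key):
            path = m["path"]
            if "\\" not in path:  # bare file name, resolved through the search order
                add("run", path, f"{m['name']}: unqualified path")
            elif any(d in path.lower() for d in SUSPECT_DIRS):
                add("run", path, f"{m['name']}: starts from a temp/data directory")
        elif key and (s := SC_KEY.match(key)) and line.lower() == '"disablemonitoring"=dword:00000001':
            add("seccenter", s["product"], "Security Center monitoring disabled")
        elif m := LISTING.match(line):
            path = m["path"].strip()
            if path.lower().endswith(".sys") and looks_random(path.rsplit("\\", 1)[-1].lower()):
                add("driver", path, "random-looking driver name")
        elif m := HIDDEN.match(line):
            add("hidden", m["path"], f"catchme hidden file, {m['size']} bytes")
        elif m := TZ.match(line):
            add("trusted_zone", m["host"], "non-default IE Trusted Zone entry")
    return findings


def build_cfscript(topic_url: str, findings: list[dict]) -> str:
    """CFScript text using only the directives seen in the thread: Collect::
    zips a file for analysis, DDS:: removes a DDS-log entry such as a Trusted
    Zone host, Rootkit:: hands a hidden file to the rootkit scanner. The
    thread URL goes on the first line, as in the helper's script."""
    sections = {"Collect::": [], "DDS::": [], "Rootkit::": []}
    for f in findings:
        if f["kind"] == "driver":
            sections["Collect::"].append(f["detail"])
        elif f["kind"] == "trusted_zone":
            sections["DDS::"].append("Trusted Zone: " + f["detail"])
        elif f["kind"] == "hidden":
            sections["Rootkit::"].append(f["detail"])
    out = [topic_url]
    for header, lines in sections.items():
        if lines:
            out.append(header)
            out.extend(lines)
    return "\n".join(out) + "\n"


# Constructed sample: lines copied from the logs in this thread, plus one
# hypothetical listing line for jcbggfvh.sys (date and size are made up).
SAMPLE_LOG = r"""
2010-07-27 19:05 . 2008-03-02 09:28 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-07-27 03:00 . 2010-07-27 03:00 40960 ----a-w- c:\windows\system32\drivers\jcbggfvh.sys

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2010-06-26 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg

scanning hidden files ...

c:\windows\TEMP\TMP00000013D31B343F2C0BA298 524288 bytes

scan completed successfully
hidden files: 1
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:13} {f['detail']}  <- {f['reason']}")
    print(build_cfscript("http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=52865", found))
```

Run against the constructed sample, the script reproduces the helper's CFScript line for line (the jcbggfvh.sys driver under Collect::, both real.com hosts under DDS::, the hidden TEMP file under Rootkit::) and prints two further items for a person to weigh: the RtHDVCpl.exe entry that is started by bare file name rather than full path, and the SymantecAntiVirus DisableMonitoring override, which is worth a look on a machine where Webroot, not Symantec, is the installed product. The vowel-count heuristic is a crude stand-in for a helper's pattern recognition and will miss drivers that happen to use a different length or character set.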

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 24th, 2010, 9:06 pm

ComboFix 10-08-23.02 - Adam 08/24/2010 12:04:58.5.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1191 [GMT -6:00]
Running from: c:\users\Adam\Desktop\ComboFix.exe
Command switches used :: c:\users\Adam\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\windows\system32\drivers\jcbggfvh.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\jcbggfvh.sys

Infected copy of c:\windows\system32\wininit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\wininit.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-24 18:23 . 2010-08-24 23:25 -------- d-----w- c:\users\Adam\AppData\Local\temp
2010-08-24 18:23 . 2010-08-24 18:23 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-24 18:23 . 2010-08-24 18:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-24 03:59 . 2008-01-21 02:23 96768 ----a-w- c:\windows\system32\wininit.exe
2010-08-24 01:51 . 2008-01-21 02:23 96768 ----a-w- C:\wininit.exe
2010-08-23 09:06 . 2010-08-23 09:06 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-22 17:12 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-22 17:12 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-22 17:12 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-22 17:12 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-22 17:11 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-22 17:11 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-22 17:10 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-22 17:09 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-22 17:09 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-22 17:09 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-15 19:24 . 2010-08-15 19:24 -------- d-----w- C:\rsit
2010-07-31 21:55 . 2006-11-02 09:39 15821312 ----a-w- c:\windows\system32\imageres.dll
2010-07-31 21:49 . 2010-07-31 21:49 -------- dc----w- c:\programdata\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}
2010-07-30 03:12 . 2010-07-30 03:20 -------- d-----w- C:\AdobeTemp
2010-07-29 18:17 . 2010-07-29 18:17 -------- d-----w- c:\users\Adam\AppData\Local\VS Revo Group
2010-07-29 18:17 . 2009-12-30 18:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-07-29 18:17 . 2010-07-29 18:17 -------- d-----w- c:\program files\VS Revo Group
2010-07-28 23:50 . 2010-07-28 23:50 -------- d-----w- c:\program files\Sophos
2010-07-28 00:21 . 2010-07-28 00:21 -------- d-----w- c:\users\Adam\AppData\Local\Mozilla
2010-07-27 19:36 . 2010-07-28 23:39 -------- d-----w- C:\TDSSKiller_Quarantine
2010-07-27 19:05 . 2008-03-02 09:28 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-07-27 19:03 . 2010-07-27 19:04 -------- d-----w- c:\program files\Trend Micro
2010-07-27 05:08 . 2010-07-27 05:08 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
2010-07-27 05:08 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-27 05:08 . 2010-07-27 05:08 -------- d-----w- c:\programdata\Malwarebytes
2010-07-27 05:08 . 2010-07-27 05:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-27 05:08 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 23:24 . 2010-05-30 16:47 34805 ----a-w- c:\programdata\nvModes.dat
2010-08-24 23:21 . 2010-05-29 22:32 720 ----a-w- c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-08-23 09:28 . 2008-03-20 07:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-23 09:09 . 2008-03-20 07:26 -------- d-----w- c:\program files\Microsoft Works
2010-08-23 09:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-22 17:13 . 2010-08-22 17:13 -------- d-----w- c:\program files\VirusTotalUploader2
2010-08-22 16:51 . 2008-11-28 01:43 113368 ----a-w- c:\users\Adam\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-20 20:48 . 2008-12-12 03:50 -------- d-----w- c:\programdata\BVRP Software
2010-08-17 04:18 . 2009-01-05 01:05 -------- d-----w- c:\users\Adam\AppData\Roaming\Skype
2010-08-17 04:17 . 2009-01-05 01:06 -------- d-----w- c:\users\Adam\AppData\Roaming\skypePM
2010-08-13 00:37 . 2009-10-03 20:41 -------- d-----w- c:\program files\Microsoft
2010-08-12 23:17 . 2008-12-08 22:37 -------- d-----w- c:\programdata\Microsoft Help
2010-08-12 23:17 . 2008-12-09 03:30 -------- d-----w- c:\program files\Microsoft.NET
2010-08-12 23:16 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2010-08-10 02:09 . 2010-04-11 22:20 -------- d--h--w- c:\programdata\{358E2726-5129-4614-9175-3CAA96153DFA}
2010-08-10 02:09 . 2010-03-29 03:51 -------- d-----w- c:\program files\Common Files\Stardock
2010-07-31 21:50 . 2010-03-29 03:38 -------- d-----w- c:\program files\Stardock
2010-07-31 01:23 . 2010-07-25 17:35 -------- d-----w- c:\programdata\webroot
2010-07-30 03:36 . 2008-11-29 21:21 -------- d-----w- c:\program files\EA GAMES
2010-07-30 03:17 . 2008-03-20 07:23 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-29 00:05 . 2009-01-04 21:24 -------- d-----w- c:\program files\MagicDisc
2010-07-28 23:59 . 2008-12-11 16:55 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-07-28 23:48 . 2009-02-24 07:20 -------- d-----w- c:\program files\Rising Research
2010-07-28 23:48 . 2009-07-16 00:37 -------- d-----w- c:\program files\Audiosurf
2010-07-28 01:40 . 2010-07-06 03:34 -------- d-----w- c:\program files\The Wonderful End of the World
2010-07-28 01:39 . 2009-02-22 02:20 -------- d-----w- c:\users\Adam\AppData\Roaming\Red Kawa
2010-07-28 01:38 . 2008-12-07 22:06 -------- d-----w- c:\program files\Xilisoft
2010-07-27 19:03 . 2010-07-27 19:03 388096 ----a-r- c:\users\Adam\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-27 07:30 . 2010-07-22 18:00 -------- d-----w- c:\programdata\Update
2010-07-27 04:05 . 2008-12-07 03:55 -------- d-----w- c:\program files\Thoosje Vista Tweaker
2010-07-27 04:04 . 2009-01-16 02:14 -------- d-----w- c:\program files\NCH Swift Sound
2010-07-27 04:03 . 2009-06-23 01:42 -------- d-----w- c:\program files\MobMapUpdater
2010-07-27 04:03 . 2009-06-27 22:47 -------- d-----w- c:\program files\Graboid
2010-07-27 03:45 . 2008-01-21 02:23 34360 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-07-27 01:20 . 2009-01-16 02:19 -------- d-----w- c:\programdata\NCH Swift Sound
2010-07-27 01:20 . 2009-01-16 02:19 -------- d-----w- c:\users\Adam\AppData\Roaming\NCH Swift Sound
2010-07-26 18:40 . 2008-11-28 02:08 2708 ----a-w- c:\users\Adam\AppData\Local\d3d9caps.dat
2010-07-25 18:20 . 2009-06-23 01:42 325760 ----a-w- c:\users\Adam\AppData\Roaming\MobMapUpdater\MobMapUpdaterExternals.dll
2010-07-25 17:49 . 2009-02-08 22:23 -------- d-----w- c:\program files\Webroot
2010-07-25 17:36 . 2010-07-25 17:36 -------- dc-h--w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}
2010-07-25 17:17 . 2008-11-28 02:38 -------- d-----w- c:\programdata\Google Updater
2010-07-22 03:30 . 2008-11-28 02:38 -------- d-----w- c:\program files\Google
2010-07-19 19:06 . 2010-07-25 17:36 3198000 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\WRInstall.exe
2010-07-19 19:04 . 2010-07-25 17:27 383368 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\54E229FA\DE0A17F3\WRInstallProgressHelper.dll
2010-07-19 19:04 . 2010-07-25 17:27 433072 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\FA6F4296\DE0A17F3\WRSvcAssist.exe
2010-07-19 19:03 . 2010-07-25 17:27 1266336 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\B2785152\DE0A17F3\WRTray.exe
2010-07-19 19:01 . 2010-07-25 17:27 50984 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\C3BEFA\DE0A17F3\WRConsumerServicePS.dll
2010-07-19 18:59 . 2010-07-25 17:27 3019672 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\E3131F5C\DE0A17F3\WRConsumerService.exe
2010-07-19 18:53 . 2010-07-25 17:27 121856 -c--a-w- c:\programdata\{9A82E8DE-6B96-49B5-BA94-0EF3E3DE16D3}\OFFLINE\EA369C90\DE0A17F3\xmllite.dll
2010-07-12 05:58 . 2008-03-20 07:34 -------- d-----w- c:\programdata\WildTangent
2010-07-12 04:39 . 2008-11-28 07:42 -------- d-----w- c:\program files\WildGames
2010-07-11 01:11 . 2008-12-10 06:24 -------- d-----w- c:\program files\THQ
2010-07-11 01:08 . 2009-01-21 06:18 -------- d-----w- c:\users\Adam\AppData\Roaming\RiffTrax
2010-07-08 05:47 . 2010-07-08 05:47 -------- d-----w- c:\programdata\The Game Equation
2010-07-08 05:25 . 2008-11-29 05:06 2288360 ----a-w- c:\programdata\WildTangent\Game Console - WildGames\Downloads\en-us\Installers\SetupGamesClient.exe
2010-07-02 17:23 . 2008-11-28 07:06 -------- d-----w- c:\program files\iTunes
2010-07-02 17:21 . 2010-07-02 17:21 -------- d-----w- c:\program files\iPod
2010-07-02 17:21 . 2008-11-28 07:01 -------- d-----w- c:\program files\Common Files\Apple
2010-07-02 17:07 . 2010-07-02 17:07 -------- d-----w- c:\program files\Bonjour
2010-07-02 17:00 . 2010-07-02 17:00 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-26 06:05 . 2010-08-22 17:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-22 17:13 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-22 17:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-22 17:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-17 20:49 . 2010-07-25 17:45 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2010-06-17 20:49 . 2009-11-06 19:00 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2010-06-17 20:49 . 2009-11-06 19:00 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2010-06-14 03:33 . 2010-04-11 21:43 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-14 03:18 . 2010-06-14 03:18 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-14 03:18 . 2010-06-14 03:18 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-14 03:18 . 2010-06-14 03:18 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-14 03:18 . 2010-06-14 03:18 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-06-14 03:17 . 2010-06-14 03:17 84062 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-06-14 03:17 . 2010-06-14 03:17 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-06-14 03:17 . 2010-06-14 03:17 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-06-14 03:17 . 2010-06-14 03:17 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-06-14 03:17 . 2010-06-14 03:17 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-14 03:17 . 2010-06-14 03:17 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-14 03:16 . 2010-06-14 03:16 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-14 03:16 . 2010-06-14 03:16 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-06-14 03:12 . 2010-04-11 21:41 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-06-14 03:11 . 2010-04-11 21:41 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-08 00:44 . 2010-06-08 00:44 92 ----a-w- c:\users\Adam\AppData\Local\fusioncache.dat
2010-06-04 23:58 . 2010-05-18 04:10 1 ----a-w- c:\users\Adam\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-29 22:15 . 2010-05-29 22:15 77824 ----a-w- c:\programdata\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2010-05-29 22:15 . 2008-11-28 06:31 225280 ----a-w- c:\programdata\Kodak\EasyShareSetup\wtf\finish.exe
2010-05-29 22:15 . 2010-05-29 22:15 175104 ----a-w- c:\programdata\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2010-05-29 22:06 . 2010-05-29 22:06 45056 ----a-w- c:\programdata\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2010-05-29 22:05 . 2008-11-28 06:11 225280 ----a-w- c:\programdata\Kodak\EasyShareSetup\wtf\start.exe
2010-05-29 22:05 . 2010-05-29 22:05 1187840 ----a-w- c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_2ee2107a\EasyShrx.Dll
2010-05-29 22:05 . 2010-05-29 22:05 114688 ----a-w- c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.2.30.1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 39408]
"Google Update"="c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-01-24 133104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2010-06-26 13312]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-07-31 1626112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent.exe" [2009-06-17 331776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-23 30192]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2010-07-19 1266336]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13683816]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"MRT"="c:\windows\system32\MRT.exe" [2010-08-03 35962312]

c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2010-3-17 471040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll" [2010-03-24 511344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GO333C~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\F:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e7,fc,7b,ce,88,34,ca,01

R1 tduasqbp;tduasqbp;c:\windows\system32\drivers\tduasqbp.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-23 30192]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\EDA5.tmp [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-11 42112]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-11-30 685816]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\printer\center\KodakSvc.exe [2008-02-29 18944]
S2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2010-06-17 45072]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-07-19 3019672]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 13:57]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 02:38]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 02:38]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000Core.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-24 18:13]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1685170627-3577132848-81057928-1000UA.job
- c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-24 18:13]

2010-08-21 c:\windows\Tasks\HPCeeScheduleForAdam.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-03-20 19:10]

2010-08-24 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-29 00:57]

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{BF955419-3C2E-4DC3-86C2-CE8E1953218C}.job
- c:\windows\system32\msfeedssync.exe [2010-08-22 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {51528C4F-16C1-4022-82DB-286A6F480975} = 205.171.3.65,205.171.2.65
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9 ... ontrol.CAB
FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\o02pp7t1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Adam\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 17:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\EDA5.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3948)
c:\program files\Stardock\ObjectDockPlus2\ODMenu.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Stardock\MyColors\VistaSrv.exe
c:\program files\Stardock\MyColors\WBVista.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-08-24 17:38:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-24 23:37
ComboFix2.txt 2010-08-24 03:50
ComboFix3.txt 2010-08-19 03:20

Pre-Run: 81,275,170,816 bytes free
Post-Run: 91,183,632,384 bytes free

- - End Of File - - F268612EB5C7ACD37E260C056AF5E3A5
Upload was successful
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut
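The service and driver block of the ComboFix log above (the `R1 tduasqbp;...` through `S3 TMPassthruMP;...` lines) is where a helper first looks, and the entry the helper later targets, `tduasqbp`, stands out for two reasons that can be checked mechanically: its image file is reported missing (`[x]`), and its display name is just the service name again, with no vendor description. The following Python script is an added example, not part of the original post or of ComboFix, that parses lines in this format and applies those triage heuristics. The sample input is copied from the log on this page. My reading of the line layout (leading letter R/S for running/stopped, digit for the service start type, then `name;display;image [date size]` or `[x]` when the file was not found) and the heuristic rules are assumptions of this example, not documented ComboFix behaviour.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Service and driver lines copied verbatim from the ComboFix "Reg Loading Points"
# section of the log above (page data, not constructed).
SERVICE_LINES = r"""
R1 tduasqbp;tduasqbp;c:\windows\system32\drivers\tduasqbp.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 133104]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\EDA5.tmp [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-11-30 685816]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2010-06-17 45072]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-07-19 3019672]
"""

# Assumed layout: <R|S><start type> <name>;<display>;<image path> [<date> <size>]
# A trailing "[x]" means ComboFix could not find the image file on disk.
LINE_RE = re.compile(r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(.*)\]$")

# Image types a Windows service or kernel driver is normally backed by.
EXPECTED_EXTENSIONS = {".sys", ".exe", ".dll"}


@dataclass
class ServiceEntry:
    state: str          # "R" running / "S" stopped (assumed ComboFix notation)
    start_type: int     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    image: str
    stamp: str          # contents of the trailing brackets; "x" when file missing
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one ComboFix service line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, stamp = m.groups()
    return ServiceEntry(state, int(start), name, display, image, stamp)


def triage(text):
    """Return {service name: [reasons]} for every entry that trips a heuristic."""
    flagged = {}
    for raw in text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        # ntpath handles backslash paths correctly even when run on Linux/macOS.
        ext = ntpath.splitext(e.image)[1].lower()
        if e.stamp == "x":
            e.reasons.append("image file missing on disk (deleted, or hidden by a rootkit)")
        if ext not in EXPECTED_EXTENSIONS:
            e.reasons.append(f"unusual image extension {ext or '(none)'}")
        if e.display == e.name:
            e.reasons.append("display name identical to service name (no vendor description)")
        if e.reasons:
            flagged[e.name] = e.reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SERVICE_LINES).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

The output is a candidate list, not a verdict. Of the four entries this flags, `tduasqbp` is the one the helper acts on; `sptd.sys` is the SCSI pass-through driver used by disc-emulation software (Alcohol 52% appears in the running-process list above), and `MEMSWEEP2` pointing at a random `.tmp` in system32 is a well-known leftover of Sophos Anti-Rootkit. The heuristics narrow the log to a handful of lines worth hashing, signature-checking or submitting for analysis, which is exactly the next step the helper takes on this page.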

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 24th, 2010, 9:45 pm

Hi

Just need to upload a couple more files before continuing:

Upload Files for Scanning
Go to VirusTotal & upload the following File/s for scanning.
  • Click Browse
  • Copy & paste the following File & Path in the text box next to File name: then click Open
    c:\program files\internet explorer\iexplore.exe
  • Click Send File
  • If confronted with two options, choose Reanalyse file now
  • Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply
Please do the same for:
C:\Program Files\Mozilla Firefox\firefox.exe
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 25th, 2010, 12:17 am

http://www.virustotal.com/file-scan/rep ... 1282709665

http://www.virustotal.com/file-scan/rep ... 1282709755

Still having webpage load failures and RUBotted is still reporting infections.
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut

Re: Bot infection, multiple viruses

Unread postby jmw3 » August 25th, 2010, 1:29 am

Hi

OK, ComboFix has been updated to deal with this, so hopefully one more run. It may delete the Firefox.exe file, so Firefox may have to be re-installed.
Delete the copy of ComboFix you have & download it again:
Link 1
Link 2
Don't run it just yet.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=52865
Driver::
tduasqbp
Collect::
c:\windows\system32\drivers\tduasqbp.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Bot infection, multiple viruses

Unread postby ihisatsu » August 25th, 2010, 9:58 am

Scanning now, will post soon
ihisatsu
Regular Member
 
Posts: 44
Joined: July 27th, 2010, 8:48 pm
Location: cedar city, ut