Hey, thanks for the help so far.
Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:07 PM, on 6/19/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
C:\Users\sanhanin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\hp\kbd\kbd.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\sanhanin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sanhanin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] C:\PROGRA~1\MICROS~3\Office14\GROOVEMN.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Users\sanhanin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: OfficeSAS.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6555 bytes
And here's the ComboFix log:
ComboFix 09-06-18.02 - sanhanin 06/19/2009 12:47.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.894.460 [GMT -7:00]
Running from: c:\users\sanhanin\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Outdated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Sunbelt VIPRE *disabled* (Outdated) {9817B764-AE4E-4B29-AEE7-725B7A50BD48}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-4176474357-2021797294-3589835384-500
c:\$recycle.bin\S-1-5-21-517598597-2044576067-1855070888-1000
c:\$recycle.bin\S-1-5-21-517598597-2044576067-1855070888-500
C:\juxdjt.exe
c:\program files\podmena
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500\desktop.ini
c:\$recycle.bin\S-1-5-21-4176474357-2021797294-3589835384-500\desktop.ini
c:\$recycle.bin\S-1-5-21-517598597-2044576067-1855070888-1000\desktop.ini
c:\$recycle.bin\S-1-5-21-517598597-2044576067-1855070888-500\desktop.ini
c:\program files\podmena\podmena.dll
c:\program files\podmena\podmena.sys
c:\windows\zaponce53290.dat
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PODMENADRV
-------\Service_podmena
-------\Service_podmenadrv
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.
2009-06-19 19:57 . 2009-06-19 19:57 -------- d-----w- C:\WTablet
2009-06-19 19:54 . 2009-06-19 19:57 -------- d-----w- c:\users\sanhanin\AppData\Local\temp
2009-06-19 18:56 . 2009-06-19 18:56 -------- d-----w- c:\users\sanhanin\AppData\Roaming\Nexon
2009-06-19 18:45 . 2009-06-19 18:45 -------- d-----w- c:\programdata\TuneUp Software
2009-06-19 18:41 . 2009-06-19 18:41 -------- d-----w- c:\users\sanhanin\AppData\Roaming\TuneUp Software
2009-06-19 18:40 . 2009-06-19 18:41 -------- d-----w- c:\program files\Windows MatriX Tune Up
2009-06-17 18:25 . 2008-01-19 07:34 15872 ----a-w- c:\windows\system32\hcrstco.dll
2009-06-16 18:22 . 2009-06-16 18:27 -------- d-----w- c:\program files\RegCure
2009-06-16 18:18 . 2009-06-16 18:18 -------- d-----w- c:\program files\Zone Labs
2009-06-16 18:18 . 2009-06-16 18:18 -------- d-----w- c:\programdata\CheckPoint
2009-06-16 18:17 . 2009-06-16 18:18 -------- d-----w- c:\windows\Internet Logs
2009-06-16 17:36 . 2006-11-02 09:39 15821312 ----a-w- c:\windows\system32\imageres.dll
2009-06-16 03:31 . 2009-06-16 03:31 -------- d-----w- c:\users\sanhanin\AppData\Roaming\WallpaperSS
2009-06-16 03:05 . 2009-06-17 18:49 -------- d-----w- c:\program files\MP3 WAV Converter
2009-06-16 01:33 . 2009-06-16 01:33 229888 ----a-w- c:\windows\system32\msshsq.dll
2009-06-15 22:09 . 2009-06-15 22:09 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-06-15 22:09 . 2009-06-15 22:09 -------- d-----w- c:\windows\PCHEALTH
2009-06-15 22:09 . 2009-06-15 22:09 -------- d-----w- c:\program files\Microsoft.NET
2009-06-15 22:09 . 2009-06-15 22:09 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-15 22:09 . 2009-06-15 22:09 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-15 22:08 . 2009-06-15 22:08 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-15 22:07 . 2009-06-15 22:07 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-06-15 22:06 . 2009-06-15 22:06 -------- d-----w- c:\users\sanhanin\AppData\Local\Microsoft Help
2009-06-15 22:05 . 2009-06-15 22:14 -------- d-----w- c:\programdata\Microsoft Help
2009-06-15 22:04 . 2009-06-15 22:04 -------- d--h--r- C:\MSOCache
2009-06-15 03:27 . 2009-06-15 03:27 34816 ----a-w- c:\users\sanhanin\AppData\Roaming\Thinstall\LimeWire PRO 5.1.3\1000000900002i\mfpmp.exe
2009-06-15 03:27 . 2009-06-15 03:27 34816 ----a-w- c:\users\sanhanin\AppData\Roaming\Thinstall\LimeWire PRO 5.1.3\10000002c00002i\wmplayer.exe
2009-06-15 02:38 . 2009-06-19 18:37 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-15 02:36 . 2009-06-19 18:37 -------- d-----w- c:\programdata\Lavasoft
2009-06-14 23:22 . 2009-06-14 23:22 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-14 23:22 . 2009-06-14 23:22 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-14 23:22 . 2009-06-14 23:22 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-14 23:22 . 2009-06-14 23:22 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-14 23:22 . 2009-06-14 23:22 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-14 23:22 . 2009-06-14 23:22 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-14 23:22 . 2009-06-14 23:22 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-14 22:47 . 2009-06-14 22:47 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-06-14 22:47 . 2009-06-14 22:47 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 22:47 . 2009-06-14 22:47 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 22:46 . 2009-06-14 22:46 268800 ----a-w- c:\windows\system32\es.dll
2009-06-14 02:22 . 2007-07-23 16:23 21632 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-06-14 02:22 . 2007-07-23 16:23 19840 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-06-14 02:22 . 2007-07-23 16:23 12416 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-06-14 02:22 . 2009-06-14 02:22 -------- d-----w- c:\program files\LG Electronics
2009-06-14 02:22 . 2009-06-14 02:22 -------- d-----w- c:\program files\Verizon Wireless
2009-06-14 02:19 . 2009-06-14 02:19 -------- d-----w- c:\program files\BitPim
2009-06-14 01:53 . 2009-06-14 01:53 -------- d-----w- c:\program files\Audacity
2009-06-14 00:46 . 2009-06-14 00:46 34816 ----a-w- c:\users\sanhanin\AppData\Roaming\Thinstall\LimeWire PRO 5.1.3\1000000900003i\ipconfig.exe
2009-06-13 17:18 . 2009-06-13 17:19 -------- d-----w- c:\programdata\NVIDIA
2009-06-13 16:29 . 2009-06-13 17:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-13 16:29 . 2009-06-13 16:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-13 16:05 . 2009-06-19 18:37 -------- d-----w- c:\program files\Ace Utilities
2009-06-13 15:36 . 2009-06-13 15:36 223232 ----a-w- c:\windows\system32\SLC.dll
2009-06-13 15:36 . 2009-06-13 15:36 268288 ----a-w- c:\windows\system32\mcbuilder.exe
2009-06-13 15:36 . 2009-06-13 15:36 33280 ----a-w- c:\windows\system32\slwmi.dll
2009-06-13 15:36 . 2009-06-13 15:36 566784 ----a-w- c:\windows\system32\SLCommDlg.dll
2009-06-13 15:36 . 2009-06-13 15:36 351232 ----a-w- c:\windows\system32\SLUI.exe
2009-06-13 15:36 . 2009-06-13 15:36 186368 ----a-w- c:\windows\system32\SLLUA.exe
2009-06-13 15:36 . 2009-06-13 15:36 57856 ----a-w- c:\windows\system32\SLUINotify.dll
2009-06-13 15:36 . 2009-06-13 15:36 2605568 ----a-w- c:\windows\system32\SLsvc.exe
2009-06-13 15:36 . 2009-06-13 15:36 39936 ----a-w- c:\windows\system32\slcinst.dll
2009-06-13 15:32 . 2009-06-13 15:32 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-06-13 15:32 . 2009-06-13 15:32 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-06-13 15:32 . 2009-06-13 15:32 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-06-13 15:31 . 2009-06-13 15:31 441856 ----a-w- c:\windows\system32\win32spl.dll
2009-06-13 15:31 . 2009-06-13 15:31 37376 ----a-w- c:\windows\system32\printcom.dll
2009-06-13 15:30 . 2009-06-13 15:30 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-06-13 15:30 . 2009-06-13 15:30 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2009-06-13 15:29 . 2009-06-13 15:29 11776 ----a-w- c:\windows\system32\sbunattend.exe
2009-06-13 15:27 . 2009-06-13 15:27 290304 ----a-w- c:\windows\system32\drivers\srv.sys
2009-06-13 15:27 . 2009-02-11 19:48 109088 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-06-13 15:25 . 2009-06-13 15:25 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2009-06-13 15:25 . 2009-06-13 15:25 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2009-06-13 15:24 . 2007-11-08 00:31 1191936 ----a-w- c:\windows\RtlUpd.exe
2009-06-13 15:24 . 2007-07-25 16:33 135168 ----a-w- c:\windows\system32\SRSWOW.dll
2009-06-13 15:24 . 2006-12-13 17:30 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
2009-06-13 15:24 . 2008-01-15 18:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe
2009-06-13 15:24 . 2009-06-13 15:24 315392 ----a-w- c:\windows\HideWin.exe
2009-06-13 15:24 . 2009-06-13 15:24 269824 ----a-w- c:\windows\system32\schannel.dll
2009-06-13 15:17 . 2009-06-13 15:17 -------- d-----w- c:\users\sanhanin\AppData\Roaming\WinBatch
2009-06-13 02:39 . 2009-06-13 02:39 -------- d-----w- c:\users\sanhanin\AppData\Roaming\GRETECH
2009-06-13 02:39 . 2009-06-13 02:39 -------- d-----w- c:\program files\GRETECH
2009-06-13 00:24 . 2008-04-26 22:14 58792 ----a-w- c:\windows\system32\wbload.dll
2009-06-13 00:24 . 2008-04-26 22:14 42672 ----a-w- c:\windows\system32\wbsys.dll
2009-06-12 22:41 . 2009-06-12 22:41 -------- d-----w- c:\program files\Trend Micro
2009-06-12 21:23 . 2009-06-12 21:23 -------- d-----w- c:\users\sanhanin\AppData\Roaming\Malwarebytes
2009-06-12 21:23 . 2009-05-26 20:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-12 21:23 . 2009-06-12 21:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-12 21:23 . 2009-06-12 21:23 -------- d-----w- c:\programdata\Malwarebytes
2009-06-12 21:23 . 2009-05-26 20:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-12 19:39 . 2009-06-12 19:39 -------- d-----w- c:\users\sanhanin\AppData\Roaming\AdobeUM
2009-06-12 19:39 . 2009-06-12 19:39 3072 ----a-w- C:\jyvuulhc.exe
2009-06-12 19:38 . 2009-06-12 19:38 179 ----a-w- C:\d45.bat
2009-06-12 19:38 . 2009-06-12 19:39 -------- d-----w- c:\users\sanhanin\AppData\Local\Adobe
2009-06-12 18:57 . 2009-06-12 18:57 -------- d-----w- c:\windows\Sun
2009-06-12 18:00 . 2009-06-12 18:00 -------- d-----w- c:\users\Administrator\AppData\Local\Hewlett-Packard
2009-06-12 18:00 . 2009-06-12 18:00 -------- d-----w- c:\users\Administrator\AppData\Roaming\Hewlett-Packard
2009-06-12 17:59 . 2009-06-12 21:12 72192 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-12 17:59 . 2009-06-12 17:59 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sunbelt
2009-06-12 17:43 . 2009-05-13 15:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090612.003\NAVEX15.SYS
2009-06-12 17:43 . 2009-05-13 15:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090612.003\NAVEX32A.DLL
2009-06-12 17:43 . 2009-05-13 15:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090612.003\NAVENG.SYS
2009-06-12 17:43 . 2009-05-13 15:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090612.003\EECTRL.SYS
2009-06-12 17:43 . 2009-05-13 15:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090612.003\ECMSVR32.DLL
2009-06-12 17:43 . 2009-05-13 15:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090612.003\NAVENG32.DLL
2009-06-12 17:43 . 2009-05-13 15:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090612.003\ERASER.SYS
2009-06-12 17:43 . 2009-05-13 15:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20090612.003\CCERASER.DLL
2009-06-12 17:37 . 2009-06-12 17:44 -------- d-----w- c:\users\sanhanin\AppData\Roaming\Skype
2009-06-12 17:35 . 2009-06-12 17:35 -------- d-----w- c:\users\sanhanin\AppData\Roaming\Sunbelt
2009-06-12 17:35 . 2009-06-12 17:35 -------- d-----w- c:\programdata\Sunbelt
2009-06-12 17:33 . 2009-05-13 15:23 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp434d.tmp\NAVEX32A.DLL
2009-06-12 17:33 . 2009-05-13 15:23 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp434d.tmp\NAVENG.SYS
2009-06-12 17:33 . 2009-05-13 15:23 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp434d.tmp\NAVEX15.SYS
2009-06-12 17:33 . 2009-05-13 15:23 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp434d.tmp\NAVENG32.DLL
2009-06-12 17:33 . 2009-05-13 15:23 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp434d.tmp\EECTRL.SYS
2009-06-12 17:33 . 2009-05-13 15:23 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp434d.tmp\ECMSVR32.DLL
2009-06-12 17:33 . 2009-05-13 15:23 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp434d.tmp\ERASER.SYS
2009-06-12 17:33 . 2009-05-13 15:23 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp434d.tmp\CCERASER.DLL
2009-06-12 17:31 . 2009-06-12 09:16 1317 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\tmp1d6d.tmp\cur.scr
2009-06-12 17:29 . 2008-10-09 17:21 202928 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-06-12 17:29 . 2009-06-12 17:29 -------- d-----w- c:\program files\Sunbelt Software
2009-06-12 17:28 . 2009-06-12 17:28 -------- d-----w- c:\programdata\Stardock
2009-06-12 17:26 . 2007-06-05 18:26 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2009-06-12 17:25 . 2009-06-12 17:25 34816 ----a-w- c:\users\sanhanin\AppData\Roaming\Thinstall\LimeWire PRO 5.1.3\1000000600002i\verclsid.exe
2009-06-12 17:22 . 2009-06-17 18:30 -------- d-----w- c:\users\sanhanin\AppData\Roaming\LimeWire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 17:32 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-18 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-18 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-18 18:47 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-18 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-18 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-18 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-18 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-18 18:45 . 2009-06-18 18:45 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-06-18 18:40 . 2006-11-02 10:32 101376 ----a-w- c:\windows\system32\ifxcardm.dll
2009-06-18 18:39 . 2006-11-02 10:32 79872 ----a-w- c:\windows\system32\axaltocm.dll
2009-06-16 01:33 . 2007-01-10 00:43 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 22:10 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-06-14 06:17 . 2009-06-12 17:58 -------- d-----w- c:\users\Administrator\AppData\Roaming\WTablet
2009-06-14 02:22 . 2007-01-10 00:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-14 02:22 . 2007-01-10 00:35 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-13 15:24 . 2007-01-10 00:35 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-06-13 15:24 . 2007-01-10 00:35 -------- d-----w- c:\program files\Realtek
2009-06-12 19:30 . 2007-01-10 00:49 -------- d-----w- c:\program files\Yahoo!
2009-06-12 19:29 . 2007-01-10 00:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-12 19:24 . 2007-01-10 00:51 -------- d-----w- c:\programdata\Symantec
2009-06-12 17:02 . 2007-01-10 00:39 -------- d-----w- c:\programdata\WildTangent
2009-06-12 17:02 . 2007-01-10 00:36 -------- d-----w- c:\program files\HP Games
2009-06-12 10:24 . 2009-06-12 10:24 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2009-06-12 10:19 . 2009-06-12 10:19 613888 ----a-w- c:\windows\system32\wpd_ci.dll
2009-06-12 09:39 . 2009-06-12 09:39 72704 ----a-w- c:\windows\system32\admparse.dll
2009-06-12 09:39 . 2009-06-12 09:39 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-12 09:39 . 2009-06-12 09:39 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-12 09:39 . 2009-06-12 09:39 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-06-12 09:39 . 2009-06-12 09:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-12 09:39 . 2009-06-12 09:39 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-06-12 08:13 . 2009-06-12 08:12 1820 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_RQ404AA-ABA a1742n_YC_0Pavi_QMXX703_E71NAv3PrA4_49_INODUSM3_SASUSTek Computer INC._V1.05_B5.04_T061215_WUH0_L409_M895_J320_7AMD_8Athlon 64 X2 Dual Core_92_#070322_N10DE0269_Z14F12F20_G10DE0241.MRK
2009-06-12 07:36 . 2007-01-10 01:05 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-12 07:25 . 2009-06-12 07:25 -------- d-sh--we c:\programdata\Templates
2009-06-12 07:25 . 2009-06-12 07:25 -------- d-sh--we c:\programdata\Start Menu
2009-06-12 07:25 . 2009-06-12 07:25 -------- d-sh--we c:\programdata\Favorites
2009-06-12 07:25 . 2009-06-12 07:25 -------- d-sh--we c:\programdata\Documents
2009-06-12 07:25 . 2009-06-12 07:25 -------- d-sh--we c:\programdata\Desktop
2009-05-13 15:23 . 2007-01-10 00:54 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\eeCtrl.sys
2009-05-13 15:23 . 2007-01-10 00:54 101936 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.sys
2009-05-13 15:23 . 2007-01-10 00:54 89104 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng.sys
2009-05-13 15:23 . 2007-01-10 00:54 876144 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex15.sys
2009-05-13 15:23 . 2007-01-10 00:54 259368 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ecmsvr32.dll
2009-05-13 15:23 . 2007-01-10 00:54 2414128 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\cceraser.dll
2009-05-13 15:23 . 2007-01-10 00:54 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\naveng32.dll
2009-05-13 15:23 . 2007-01-10 00:54 1181040 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\navex32a.dll
2009-04-30 20:56 . 2009-04-30 20:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-04-17 20:53 . 2009-04-17 20:53 40960 ----a-w- c:\windows\system32\VBAME.DLL
2009-04-08 22:49 . 2009-04-08 22:49 1064296 ----a-w- c:\windows\system32\WebServices.dll
2009-04-08 22:37 . 2009-04-08 22:37 4319136 ----a-w- c:\windows\system32\OSPPSVC.EXE
2009-04-08 22:37 . 2009-04-08 22:37 192432 ----a-w- c:\windows\system32\OSPPRUN.EXE
2009-04-08 22:37 . 2009-04-08 22:37 1423256 ----a-w- c:\windows\system32\OSPPOBJS.DLL
2009-04-08 22:37 . 2009-04-08 22:37 1156016 ----a-w- c:\windows\system32\OSPPCEXT.DLL
2009-04-08 22:37 . 2009-04-08 22:37 110472 ----a-w- c:\windows\system32\OSPPC.DLL
2009-04-08 22:37 . 2009-04-08 22:37 114568 ----a-w- c:\windows\system32\wbem\OSPPWMI.DLL
2009-04-08 22:26 . 2009-04-08 22:26 31616 ----a-w- c:\windows\system32\FM20ENU.DLL
2009-04-08 22:26 . 2009-04-08 22:26 1204072 ----a-w- c:\windows\system32\FM20.DLL
2009-03-27 10:13 . 2009-03-27 10:13 761152 ----a-w- c:\windows\system32\msvcr100.dll
2009-03-27 10:13 . 2009-03-27 10:13 425296 ----a-w- c:\windows\system32\msvcp100.dll
2009-03-27 10:13 . 2009-03-27 10:13 250704 ----a-w- c:\windows\system32\msvcm100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-04-08 23:05 739688 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\sanhanin\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-12 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2009-06-10 959784]
"GrooveMonitor"="c:\progra~1\MICROS~3\Office14\GROOVEMN.EXE" [2009-04-26 875392]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2007-1-9 34520]
OfficeSAS.lnk - c:\program files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe [2009-4-8 122264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D3CB7BCA-2A55-476D-9469-3B3078F00DC5}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E0CA1319-A0F9-49FB-AEAC-0EF89D7030E3}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{5FB38725-ECD7-465C-A88B-E6B4CD69705E}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{CBA57245-AA14-4C25-A257-FDDB902B47D9}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{D9237460-F2FD-47A4-B3FB-9395A13A0EC1}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{31980B3F-A038-4371-A9C4-052FBE28D838}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{71966ED2-68A6-4085-B724-43808D160F5E}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{09CEA97C-C3D5-40D4-881C-2477E2BBD722}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EF7B4E1D-E9F5-4C97-974A-AA7D53D774E1}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{DAF5A5F6-1E4C-4488-849D-EE15AC1BBFC1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FA921A27-FE78-48A6-B47B-40565ACACF98}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6538BE25-A5AF-4017-96CB-56A47A1FB704}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D2265865-18A5-4555-B9B9-E1B56E24D98B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5EADA479-CAA6-43FA-9DF5-E8B2FA286FFD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{46DEAF41-03DC-4EE6-A34A-08BD01861A4C}"= UDP:c:\program files\Microsoft Office\Office14\GROOVE.EXE:Microsoft SharePoint Workspace
"{E75255B6-99F4-4D27-882F-A2AF1F5284DF}"= TCP:c:\program files\Microsoft Office\Office14\GROOVE.EXE:Microsoft SharePoint Workspace
"{B757CBB2-6863-442E-8830-1559765DBC63}"= UDP:c:\program files\Microsoft Office\Office14\ONENOTE.EXE:Microsoft Office OneNote
"{C073352E-F3F1-4FF4-98C2-EECCC53C4BE2}"= TCP:c:\program files\Microsoft Office\Office14\ONENOTE.EXE:Microsoft Office OneNote
"{A3052AE2-EE6E-436F-8AA5-F2BE862EC714}"= TCP:6004|c:\program files\Microsoft Office\Office14\outlook.exe:Microsoft Office Outlook
"{E00FCECA-533D-4915-B70E-22F9DA1A337F}"= UDP:c:\users\sanhanin\Desktop\LimeWire PRO 5.1.3.exe:LimeWire
"{092B6AAE-20D3-45CB-92D4-65D71DDCFD8B}"= TCP:c:\users\sanhanin\Desktop\LimeWire PRO 5.1.3.exe:LimeWire
"TCP Query User{19AA227A-3A79-4CDA-9DAE-CC713903D121}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{2EC5730A-2233-4790-AC7C-CB9EAEDC1B21}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 sbtis;sbtis;c:\windows\System32\drivers\sbtis.sys [6/12/2009 10:29 AM 202928]
R2 osppsvc;Office Software Protection Platform;c:\windows\System32\OSPPSVC.EXE [4/8/2009 3:37 PM 4319136]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [6/10/2009 6:00 AM 980264]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [6/13/2009 9:29 AM 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [6/12/2009 2:11 AM 3032360]
R3 A5AGU;D-Link Wireless LAN 802.11 USB device driver;c:\windows\System32\drivers\AGUx86.sys [8/6/2008 6:09 PM 905728]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [6/12/2009 2:11 AM 15144]
S2 AeLookupSvcALG;Application Experience AeLookupSvcALG; [x]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [4/25/2009 6:18 PM 33480048]
--- Other Services/Drivers In Memory ---
*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226EE}
.
Contents of the 'Scheduled Tasks' folder
2009-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-517598597-2044576067-1855070888-1000.job
- c:\users\sanhanin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-12 17:06]
2009-06-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:23]
2009-06-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 18:23]
2009-06-19 c:\windows\Tasks\User_Feed_Synchronization-{B2BDD502-2609-4C28-AC6C-578A469927F8}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-<NO NAME> - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-19 12:57
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\wisptis.exe
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\rundll32.exe
c:\program files\Microsoft Office\Office14\GROOVEMN.EXE
c:\program files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\hp\KBD\kbd.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-06-19 13:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 20:02
Pre-Run: 255,941,361,664 bytes free
Post-Run: 254,720,905,216 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
377 --- E O F --- 2009-06-19 17:27