Win32.TDSS.reg (closed due to Cracks)
Hello - I hope you guys can help me. Spybot S&D found two registry keys showing win32.tdss.reg, which it could not remove, either in safe mode or on reboot.
The keys are: HKLM\SYSTEM\ControlSet001\Services\kungsfweppmsdn
and HKLM\SYSTEM\ControlSet002\Services\kungsfweppmsdn. Both have "main\injector" subkeys. I fiddled around trying to delete them, but first got all kinds of permission messages and then "properties could not be saved" and "error deleting key" messages.
So far, the computer seems to be running normally, but occasionally, Quickheal reports malware discovered and deleted or quarantined.
I have followed the instructions in "before you post", backed up the registry, updated definitions, and disabled TeaTimer. 20 years of blundering through various versions of Windows has made me reasonably computer-savvy, so I should be able to follow most instructions OK!
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:37, on 07/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\X2Net\Smart Address\SMARTADR.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE
C:\Program Files\X2Net\Smart Address\SMARTADR.exe
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Stardock\XGF\XGFRuntimeServer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Pete\AppData\Local\Temp\{DB12740C-CDBA-4CC2-8912-EDF13317341F}\Sidebar Clock.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freemov2avi.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [X2net Smart Address Monitor] C:\Program Files\X2Net\Smart Address\smartadr.exe Monitor
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Register Genuine Fractals 6.0 Professional Edition.lnk = C:\Program Files\onOne Software\Genuine Fractals 6.0 Professional Edition\Register Genuine Fractals 6.0 Professional Edition.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Quick Heal Antivirus Plus Mail Protection - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROXY.EXE
O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\scanwscs.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
--
End of file - 11721 bytes
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly.
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Please Download GMER to your desktop
Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
Please post the results from the GMER scan in your reply.
Hi Katana, "Yoroshiku onegaishimasu", as we say over here, thank you in advance for your help. Here are the first two logs, log.info first:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pete at 2009-07-08 19:24:40
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 184 GB (38%) free of 477 GB
Total RAM: 3322 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:52, on 08/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\X2Net\Smart Address\SMARTADR.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROUI.EXE
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\UPSCHD.EXE
C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\SCANMSG.EXE
C:\Program Files\X2Net\Smart Address\SMARTADR.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\QUICKH~1\QUICKH~1\OnlineNT.EXE
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\ProgramData\Stardock\XGF\XGFRuntimeServer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Pete\AppData\Local\Temp\{DB12740C-CDBA-4CC2-8912-EDF13317341F}\Sidebar Clock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Pete\Desktop\win32tdssremovalprocedure\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Pete.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freemov2avi.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [X2net Smart Address Monitor] C:\Program Files\X2Net\Smart Address\smartadr.exe Monitor
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Email Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
O4 - HKLM\..\Run: [Update Scheduler] C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\QUICKH~1\QUICKH~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Register Genuine Fractals 6.0 Professional Edition.lnk = C:\Program Files\onOne Software\Genuine Fractals 6.0 Professional Edition\Register Genuine Fractals 6.0 Professional Edition.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Quick Heal Antivirus Plus Mail Protection - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROXY.EXE
O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Quick Heal Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\scanwscs.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Windows\system32\Wacom_Tablet.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
--
End of file - 11763 bytes
======Scheduled tasks folder======
C:\Windows\tasks\mondaymidnight.job
C:\Windows\tasks\Resume Quickup Download.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-23 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-01 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-05 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-13 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"X2net Smart Address Monitor"=C:\Program Files\X2Net\Smart Address\smartadr.exe [2006-09-10 5533696]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"Email Protection"=C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE [2008-12-26 267640]
"Update Scheduler"=C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE [2008-12-26 95608]
"On-Line Protection"=C:\PROGRA~1\QUICKH~1\QUICKH~1\CATEYE.EXE [2009-05-16 210296]
"Messenger"=C:\PROGRA~1\QUICKH~1\QUICKH~1\SCANMSG.EXE [2008-12-26 111992]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-12-20 2656528]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe [2008-08-14 240112]
"CPMonitor"=C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe [2009-04-21 84464]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-05 148888]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-03 6724128]
"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-02-03 1833504]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-01-07 1496968]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-19 39408]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Register Genuine Fractals 6.0 Professional Edition.lnk - C:\Program Files\onOne Software\Genuine Fractals 6.0 Professional Edition\Register Genuine Fractals 6.0 Professional Edition.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{394d1102-d085-11dd-a8ce-001cc02a26d9}]
shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7a31754-5d39-11de-b339-001cc02a26d9}]
shell\AutoRun\command - autorun.exe
======List of files/folders created in the last 1 months======
2009-07-08 19:24:40 ----D---- C:\rsit
2009-07-07 11:04:04 ----D---- C:\Windows\ERDNT
2009-07-07 11:02:51 ----D---- C:\Program Files\ERUNT
2009-07-05 13:03:39 ----D---- C:\Program Files\Trend Micro
2009-07-03 21:13:38 ----D---- C:\Users\Pete\AppData\Roaming\GHISLER
2009-07-03 21:13:38 ----D---- C:\Program Files\totalcmd
2009-07-01 23:20:22 ----D---- C:\Program Files\Enigma Software Group
2009-07-01 22:49:55 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-07-01 22:49:28 ----D---- C:\Users\Pete\AppData\Roaming\SUPERAntiSpyware.com
2009-07-01 22:49:28 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-01 22:48:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-01 18:01:06 ----D---- C:\ProgramData\Symantec
2009-07-01 07:09:18 ----D---- C:\Program Files\Norton Security Scan
2009-06-21 01:05:40 ----D---- C:\Users\Pete\AppData\Roaming\TVU networks
2009-06-20 22:53:01 ----D---- C:\Windows\system32\Adobe
2009-06-16 21:30:40 ----D---- C:\ProgramData\Apple Computer
2009-06-16 21:30:40 ----D---- C:\Program Files\QuickTime
2009-06-14 09:56:17 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-14 09:56:17 ----A---- C:\Windows\system32\EncDec.dll
2009-06-13 20:54:56 ----D---- C:\Users\Pete\AppData\Roaming\ImgBurn
2009-06-13 20:54:32 ----D---- C:\Program Files\ImgBurn
2009-06-13 14:45:13 ----D---- C:\Users\Pete\AppData\Roaming\WTablet
2009-06-13 14:43:19 ----D---- C:\Windows\system32\WTablet
2009-06-13 14:43:18 ----A---- C:\Windows\system32\Wintab32.dll
2009-06-13 14:43:18 ----A---- C:\Windows\system32\Wacom_Tablet.exe
2009-06-13 14:43:18 ----A---- C:\Windows\system32\Wacom_Tablet.dll
2009-06-13 14:43:14 ----D---- C:\Program Files\Tablet
2009-06-12 03:03:30 ----A---- C:\Windows\system32\MRT.INI
2009-06-11 09:18:21 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-11 09:18:19 ----A---- C:\Windows\system32\localspl.dll
2009-06-11 09:18:13 ----A---- C:\Windows\system32\mshtml.dll
2009-06-11 09:18:11 ----A---- C:\Windows\system32\ieframe.dll
2009-06-11 09:18:10 ----A---- C:\Windows\system32\wininet.dll
2009-06-11 09:18:10 ----A---- C:\Windows\system32\urlmon.dll
2009-06-11 09:18:09 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-11 09:18:09 ----A---- C:\Windows\system32\iertutil.dll
2009-06-11 09:18:09 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-11 09:18:08 ----A---- C:\Windows\system32\occache.dll
2009-06-11 09:18:08 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-11 09:18:08 ----A---- C:\Windows\system32\ieencode.dll
2009-06-11 09:18:08 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-11 09:18:07 ----A---- C:\Windows\system32\mstime.dll
2009-06-11 09:18:07 ----A---- C:\Windows\system32\jsproxy.dll
======List of files/folders modified in the last 1 months======
2009-07-08 19:24:50 ----D---- C:\Windows\Prefetch
2009-07-08 19:24:42 ----D---- C:\Windows\Temp
2009-07-08 19:22:23 ----A---- C:\AUTOEXEC.BAT
2009-07-08 19:15:23 ----D---- C:\Users\Pete\AppData\Roaming\Skype
2009-07-08 16:00:57 ----D---- C:\Users\Pete\AppData\Roaming\skypePM
2009-07-08 10:02:44 ----SHD---- C:\System Volume Information
2009-07-08 09:03:41 ----D---- C:\Windows\System32
2009-07-08 09:03:41 ----D---- C:\Windows\inf
2009-07-08 09:03:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-07 11:10:04 ----AD---- C:\Windows
2009-07-07 11:02:51 ----RD---- C:\Program Files
2009-07-07 10:59:46 ----D---- C:\Users\Pete\AppData\Roaming\uTorrent
2009-07-07 10:55:33 ----D---- C:\Users\Pete\AppData\Roaming\Shareaza
2009-07-07 10:52:43 ----D---- C:\Users\Pete\AppData\Roaming\FrostWire
2009-07-02 22:33:11 ----D---- C:\Windows\Debug
2009-07-02 19:20:20 ----D---- C:\Windows\system32\Tasks
2009-07-02 12:55:46 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-02 12:55:41 ----SHD---- C:\Windows\Installer
2009-07-02 12:55:40 ----SHD---- C:\Config.Msi
2009-07-02 07:13:44 ----D---- C:\Program Files\Mozilla Firefox
2009-07-01 23:21:54 ----D---- C:\Windows\system32\drivers
2009-07-01 22:49:55 ----HD---- C:\ProgramData
2009-07-01 22:48:31 ----D---- C:\Program Files\Common Files
2009-07-01 20:43:53 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-07-01 19:19:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-01 19:17:34 ----D---- C:\Windows\Tasks
2009-06-21 13:39:34 ----D---- C:\Windows\system32\catroot
2009-06-21 01:33:51 ----D---- C:\Windows\system32\catroot2
2009-06-20 20:26:15 ----D---- C:\ProgramData\Roxio
2009-06-15 17:38:02 ----D---- C:\ProgramData\Sonic
2009-06-15 03:09:26 ----D---- C:\Windows\Microsoft.NET
2009-06-15 03:09:15 ----RSD---- C:\Windows\assembly
2009-06-15 03:01:48 ----D---- C:\Windows\ehome
2009-06-15 03:01:05 ----D---- C:\Windows\winsxs
2009-06-13 10:23:24 ----D---- C:\Program Files\CyberLink
2009-06-13 10:21:36 ----D---- C:\ProgramData\SmartSound Software Inc
2009-06-12 03:04:58 ----D---- C:\Program Files\Internet Explorer
2009-06-09 22:20:03 ----D---- C:\PerfLogs
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 c2scsi;c2scsi; C:\Windows\system32\DRIVERS\c2scsi.sys [2008-08-11 254320]
R1 NetworkX;NetworkX; C:\Windows\system32\ckldrv.sys [2006-01-10 31846]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
R1 StarPortLite;StarPort Storage Controller (Lite); C:\Windows\system32\DRIVERS\StarPortLite.sys [2008-08-20 93544]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 catflt;catflt; C:\Windows\system32\DRIVERS\catflt.sys [2009-05-16 65144]
R2 EMLSS;EMLSS; C:\Windows\system32\drivers\emltdi.sys [2008-12-26 28656]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-04-24 95544]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-01-14 4235776]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-12-04 217728]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2008-11-23 45056]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-03 2320480]
R3 LVPr2Mon;LVPr2Mon Driver; C:\Windows\system32\Drivers\LVPr2Mon.sys [2008-12-16 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs.sys [2008-12-17 768024]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2008-12-17 41752]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2008-12-17 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2008-12-17 2686104]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
R3 VRVD302;VRVD302; C:\Windows\system32\DRIVERS\VRVD302.sys [2009-05-07 11296]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
S1 kungsfweppmsdn;kungsfweppmsdn; C:\Windows\system32\drivers\kungsfweppmsdn.sys []
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2008-01-21 45696]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2008-01-21 40448]
S3 ck09bus;au CA001; C:\Windows\system32\DRIVERS\ck09bus.sys [2008-09-04 83328]
S3 ck09diag;_au CA001 Serial Port (WDM); C:\Windows\system32\DRIVERS\ck09diag.sys [2008-09-04 98176]
S3 ck09mdfl;au CA001 Modem Filter; C:\Windows\system32\DRIVERS\ck09mdfl.sys [2008-09-04 14848]
S3 ck09mdm;au CA001 Modem Drivers; C:\Windows\system32\DRIVERS\ck09mdm.sys [2008-09-04 109696]
S3 DrmCAudio;DrmCAudio; C:\Windows\system32\drivers\DrmCAudio.sys [2009-03-02 23096]
S3 DrmCVideo;DrmCVideo; C:\Windows\system32\DRIVERS\DrmCVideo.sys [2009-03-02 3768]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2); C:\Windows\system32\DRIVERS\idcphid.sys [2008-12-11 16256]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-21 52608]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-02-15 47360]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys [2008-08-11 57328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 astcc;AST Service; C:\Windows\SYSTEM32\astsrv.exe [2008-11-26 57344]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-01-14 729088]
R2 Crypkey License;Crypkey License; C:\Windows\system32\crypserv.exe [2006-03-01 69632]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-12-16 150040]
R2 Online Protection System;Online Protection System; C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe [2008-12-26 17272]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection; C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROXY.EXE [2008-12-26 50552]
R2 Quick Update Service;Quick Update Service; C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [2009-05-16 58744]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TabletServiceWacom;TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [2007-09-07 1373480]
R2 VRAID Log Service;VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [2008-09-24 52888]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11; C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [2008-08-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11; C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-08-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11; C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-08-14 170480]
S2 ScanWscS;Quick Heal Helper Service WSC; C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\scanwscs.exe [2008-12-26 134488]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-03 655624]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2009-01-08 114688]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11; C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [2008-08-14 313840]
S3 RoxMediaDB11;RoxMediaDB11; C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-01-09 1122304]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe []
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
-----------------EOF-----------------
and here is info.txt:-
info.txt logfile of random's system information tool 1.06 2009-07-08 19:24:53
======Uninstall list======
-->C:\Windows\system32\\MSIEXEC.EXE /x {7B91CBFD-0671-4819-9724-CABE3014E886}
-->Dummy
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AMP Font Viewer-->"C:\Program Files\AMP Font Viewer\uninstall.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 7.32-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
Ashampoo WinOptimizer 6.23-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\unins000.exe"
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
au CA001 Software-->C:\Program Files\InstallShield Installation Information\{CA954961-0289-4EE6-A9FC-062BB51693F0}\setup.exe -runfromtemp -l0x0011anything -removeonly
Avi2Dvd 0.4.5 beta-->C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Canon iP6700D-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6700D /L0x0009
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
CanoScan Toolbox Ver4.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\Setup.exe" -l0x9 anything
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD-LabelPrint-->"C:\Program Files\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DirectX 9 Runtime-->MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
DriverAgent Plugin for Netscape by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_np.inf,TVICHW32Remove
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Eye Candy 4000-->C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\EYECAN~1\UNWISE.EXE C:\PROGRA~1\Adobe\PHOTOS~1.0\Plug-Ins\EYECAN~1\INSTALL.LOG
ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
Foxit PDF IFilter-->MsiExec.exe /I{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Genuine Fractals 6.0 Professional Edition-->"C:\Program Files\InstallShield Installation Information\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}\setup.exe" -runfromtemp -l0x0009 -uninst -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HydraVision-->MsiExec.exe /X{13A63CE1-102E-0F29-1461-BD793DCB0766}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Network Connections 13.5.32.0-->MsiExec.exe /i{777AD08E-B32A-4456-AFE1-094DBECEB268} ARPREMOVE=1
Intel(R) Network Connections 13.5.32.0-->MsiExec.exe /i{777AD08E-B32A-4456-AFE1-094DBECEB268} ARPREMOVE=1
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Intel® Management Engine Interface-->C:\Windows\system32\heciudlg.exe -uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
IZArc 3.7-->"C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Mega Codec Pack 4.6.2-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
K-Lite Video Conversion Pack 1.3.0-->"C:\Program Files\K-Lite Video Conversion Pack\unins000.exe"
KPT 6-->C:\Windows\IsUninst.exe -f"c:\program files\adobe\photoshop 7.0\plug-ins\KPT6\KPT6Unin.isu"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LabelPrint 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.90.1262\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.90" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /I{937B232D-9776-471E-92BD-D424E514EF14}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Application Compatibility Database-->C:\Windows\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
OpenMG Secure Module 5.3.00-->C:\Program Files\InstallShield Installation Information\{DEF97A70-C67D-41E1-837C-6462C97A6F65}\IS_Setup.exe -l0x0409 /z"UNINSTALL"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixillion Image Converter-->C:\Program Files\NCH Software\Pixillion\uninst.exe
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QCP Converter-->C:\Program Files\QCP Converter\uninstall.exe
Quest3D Viewers 3.0e-->"C:\Program Files\Quest3D Viewers 3.0e\unins000.exe"
Quick Heal AntiVirus Plus-->C:\PROGRA~1\QUICKH~1\QUICKH~1\Uninst.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Roxio Activation Module-->MsiExec.exe /I{1D53B6F9-E66E-42D8-A221-4FF8AC134FD7}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio CinePlayer Decoder Pack-->MsiExec.exe /I{C0FE37FA-0886-4B66-B01B-76CF70FB77AB}
Roxio CinePlayer-->MsiExec.exe /I{AA749D64-3741-4D5F-B804-B0BC05D179D1}
Roxio Creator 2009-->C:\ProgramData\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\setup.exe /x {7919D8D9-69FB-4E94-B330-04C4AF251867}
Roxio Creator 2009-->MsiExec.exe /I{3383136B-4F86-4F05-8612-DD4BB16A1EAE}
Roxio Creator 2009-->MsiExec.exe /I{7A7B3764-7F17-4AB1-A1D3-3B01F5F07445}
Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SonicStage 4.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Total Commander (Remove or Repair)-->C:\Program Files\totalcmd\tcuninst.exe
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.4.1.0-->C:\Program Files\TVUPlayer\uninst.exe
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodei Multimedia Processor 2.10-->C:\Program Files\Vodei\uninst.exe
Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
X2Net Reporter V1.1.0.15-->"C:\Program Files\X2Net\Common\Reporter\unins000.exe"
X2Net Smart Address 5.6-->"C:\Program Files\X2Net\Smart Address\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
======Hosts File======
127.0.0.1 localhost
::1 localhost
127.0.0.1 activate.adobe.com
======Security center information======
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
======System event log======
Computer Name: Pete-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 117872
Source Name: Tcpip
Time Written: 20090703155554.643490-000
Event Type: Warning
User:
Computer Name: Pete-PC
Event Code: 36
Message: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
Record Number: 117894
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090703224829.000000-000
Event Type: Warning
User:
Computer Name: Pete-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 118144
Source Name: Tcpip
Time Written: 20090707013131.665140-000
Event Type: Warning
User:
Computer Name: Pete-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 118179
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090707020954.968750-000
Event Type: Error
User:
Computer Name: Pete-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 118337
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090707235750.890625-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Pete-PC
Event Code: 0
Message:
Record Number: 27728
Source Name: TabletServiceWacom
Time Written: 20090708101444.000000-000
Event Type: Error
User:
Computer Name: Pete-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {56F47FAA-BC9C-40B9-9DD7-7D99D049F741}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 27733
Source Name: Microsoft-Windows-EventSystem
Time Written: 20090708101923.000000-000
Event Type: Error
User:
Computer Name: Pete-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1013437786-1395498018-647586148-1001:
Process 956 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1013437786-1395498018-647586148-1001
Record Number: 27737
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090708101925.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Pete-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1013437786-1395498018-647586148-1001_Classes:
Process 956 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1013437786-1395498018-647586148-1001_CLASSES
Record Number: 27738
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090708101926.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Pete-PC
Event Code: 0
Message:
Record Number: 27739
Source Name: TabletServiceWacom
Time Written: 20090708101932.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Pete-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 47958
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708102451.680668-000
Event Type: Audit Failure
User:
Computer Name: Pete-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 47959
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708102451.711918-000
Event Type: Audit Failure
User:
Computer Name: Pete-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 47960
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708102451.727543-000
Event Type: Audit Failure
User:
Computer Name: Pete-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 47961
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708102451.758793-000
Event Type: Audit Failure
User:
Computer Name: Pete-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys
Record Number: 47962
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090708102451.774418-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\11.0\DLLShared\;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"RCAUTOPLAY"=C:\Program Files\Roxio Creator 2009\Roxio Central 4\
"EMC_AUTOPLAY"=C:\Program Files\Common Files\Roxio Shared\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
I will post the GMER log shortly.
Here is the GMER log. The first time I ran GMER, it gave me an instant blue screen (my first since I installed Vista). Second try was successful, running in Administrator mode.
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-08 21:21:56
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.15 ----
INT 0x52 ? 870E9BF8
INT 0x62 ? 84D25BF8
INT 0x72 ? 84D27BF8
INT 0x72 ? 84D27BF8
INT 0x72 ? 84D27BF8
INT 0x72 ? 84D27BF8
INT 0x72 ? 870E9BF8
INT 0x72 ? 84D27BF8
INT 0x82 ? 870E9BF8
INT 0x92 ? 870E9BF8
INT 0xA2 ? 84D25BF8
INT 0xA2 ? 870E9BF8
INT 0xA2 ? 870E9BF8
INT 0xA2 ? 84D25BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spzv.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 9079F46F 5 Bytes JMP 870E91D8
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D2] \SystemRoot\System32\Drivers\spzv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068E040] \SystemRoot\System32\Drivers\spzv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068E7FC] \SystemRoot\System32\Drivers\spzv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068E0BE] \SystemRoot\System32\Drivers\spzv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068E13C] \SystemRoot\System32\Drivers\spzv.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Windows Sidebar\sidebar.exe[156] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [006D2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[156] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [006D2CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[156] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [006D2C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[156] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [006D2CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044F71C] C:\Program Files\X2Net\Smart Address\SMARTADR.exe (Smart Address/X2Net Limited)
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0044F71C] C:\Program Files\X2Net\Smart Address\SMARTADR.exe (Smart Address/X2Net Limited)
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0044F71C] C:\Program Files\X2Net\Smart Address\SMARTADR.exe (Smart Address/X2Net Limited)
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0044F71C] C:\Program Files\X2Net\Smart Address\SMARTADR.exe (Smart Address/X2Net Limited)
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044F71C] C:\Program Files\X2Net\Smart Address\SMARTADR.exe (Smart Address/X2Net Limited)
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0044F71C] C:\Program Files\X2Net\Smart Address\SMARTADR.exe (Smart Address/X2Net Limited)
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0017B3B4
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0017A59B
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 001792EE
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0017B6E0
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] 00178440
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00177B94
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 001780DC
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 001791EA
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0017992D
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0017961D
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 001798DB
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00179F17
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00179A25
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileType] 001793EE
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 001796DF
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileSize] 001792A1
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!WriteFile] 00179015
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetACP] 0017B3C0
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00178395
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0017A91C
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0017A871
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0017A841
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00178BD9
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00177799
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0017935E
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 001775B4
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00177D80
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 001769DB
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!ReadFile] 00178DD8
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetVersion] 0017B3AE
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadIconW] 0017B545
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadCursorW] 0017B513
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0017B668
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0017B6C4
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [USER32.dll!LoadStringW] 0017B5B1
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0017B19A
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0017AFAD
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\ws2_32.dll [KERNEL32.dll!CreateThread] [0044F71C] C:\Program Files\X2Net\Smart Address\SMARTADR.exe (Smart Address/X2Net Limited)
IAT C:\Program Files\X2Net\Smart Address\SMARTADR.exe[1452] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] [0044F71C] C:\Program Files\X2Net\Smart Address\SMARTADR.exe (Smart Address/X2Net Limited)
IAT C:\Windows\Explorer.EXE[2588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00892F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00892CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00892C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00892CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4048] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00102F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4048] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00102CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4048] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00102C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Sidebar\sidebar.exe[4048] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00102CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85AE81F8
Device \Driver\volmgr \Device\VolMgrControl 85AE21F8
Device \Driver\usbuhci \Device\USBPDO-0 86EDB500
Device \Driver\usbuhci \Device\USBPDO-1 86EDB500
Device \Driver\usbuhci \Device\USBPDO-2 86EDB500
Device \Driver\usbehci \Device\USBPDO-3 86ED91F8
Device \Driver\usbuhci \Device\USBPDO-4 86EDB500
AttachedDevice \Driver\tdx \Device\Tcp emltdi.sys (emltdi.sys/Quick Heal Technologies (P) Ltd.)
Device \Driver\usbuhci \Device\USBPDO-5 86EDB500
Device \Driver\usbuhci \Device\USBPDO-6 86EDB500
Device \Driver\volmgr \Device\HarddiskVolume1 85AE21F8
Device \Driver\usbehci \Device\USBPDO-7 86ED91F8
Device \Driver\volmgr \Device\HarddiskVolume2 85AE21F8
Device \Driver\cdrom \Device\CdRom0 86EEB1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{C4E27306-0BEC-40B2-A356-717F81B5A8A5} 87517500
Device \Driver\volmgr \Device\HarddiskVolume3 85AE21F8
Device \Driver\cdrom \Device\CdRom1 86EEB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 85AE41F8
Device \Driver\atapi \Device\Ide\IdePort0 85AE41F8
Device \Driver\atapi \Device\Ide\IdePort1 85AE41F8
Device \Driver\atapi \Device\Ide\IdePort2 85AE41F8
Device \Driver\atapi \Device\Ide\IdePort3 85AE41F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3 85AE41F8
Device \Driver\volmgr \Device\HarddiskVolume4 85AE21F8
Device \Driver\cdrom \Device\CdRom2 86EEB1F8
Device \Driver\volmgr \Device\HarddiskVolume5 85AE21F8
Device \Driver\volmgr \Device\HarddiskVolume6 85AE21F8
Device \Driver\volmgr \Device\HarddiskVolume7 85AE21F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87517500
Device \Driver\volmgr \Device\HarddiskVolume8 85AE21F8
Device \Driver\Smb \Device\NetbiosSmb 875591F8
Device \Driver\iScsiPrt \Device\RaidPort0 870BE500
Device \Driver\USBSTOR \Device\0000006a 878041F8
Device \Driver\USBSTOR \Device\0000006b 878041F8
Device \Driver\USBSTOR \Device\0000006c 878041F8
Device \Driver\usbuhci \Device\USBFDO-0 86EDB500
Device \Driver\USBSTOR \Device\0000006d 878041F8
Device \Driver\usbuhci \Device\USBFDO-1 86EDB500
Device \Driver\USBSTOR \Device\0000006e 878041F8
Device \Driver\usbuhci \Device\USBFDO-2 86EDB500
Device \Driver\usbehci \Device\USBFDO-3 86ED91F8
Device \Driver\usbuhci \Device\USBFDO-4 86EDB500
Device \Driver\usbuhci \Device\USBFDO-5 86EDB500
Device \Driver\usbuhci \Device\USBFDO-6 86EDB500
Device \Driver\usbehci \Device\USBFDO-7 86ED91F8
Device \Driver\viamraid \Device\Scsi\viamraid1Port4Path0Target4Lun0 85AE61F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port5Path0Target14Lun0 85AE71F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port5Path0Target0Lun0 85AE71F8
Device \Driver\viamraid \Device\Scsi\viamraid1Port4Path0TargetffLun0 85AE61F8
Device \Driver\viamraid \Device\Scsi\viamraid1 85AE61F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 85AE71F8
Device \Driver\viamraid \Device\Scsi\viamraid1Port4Path0Target5Lun0 85AE61F8
Device \Driver\c2scsi \Device\Scsi\c2scsi1 87059500
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port5Path0Target1Lun0 85AE71F8
Device \Driver\c2scsi \Device\Scsi\c2scsi1Port8Path0Target0Lun0 87059500
Device \FileSystem\cdfs \Cdfs 88C60500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfweppmsdn\main\injector@* kungsfwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\ControlSet002\Services\kungsfweppmsdn\main\injector@* kungsfwsp.dll
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\S-1-5-21-1013437786-1395498018-647586148-1002\Web\Overrides@http:// 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A0EBB9D-E0A6-66C0-3438-C07F85A35B01}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A0EBB9D-E0A6-66C0-3438-C07F85A35B01}@jainbcacbmpffgphongi 0x6F 0x61 0x68 0x64 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A0EBB9D-E0A6-66C0-3438-C07F85A35B01}@hahnmcaamlkokhmo 0x6C 0x61 0x63 0x70 ...
---- EOF - GMER 1.0.15 ----
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane.
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Combofix Log
Kaspersky Log
How are things running now?
Hi, sorry, this is only a partial log of what has been happening. I ran ComboFix, and it performed as it was supposed to until the "Preparing Log Report" stage. Then in the blue window a line appeared saying "The system cannot find the file C:\Combofix\NirCmd.cfexe". Simultaneously a Windows error message popped up saying "Windows cannot find hidec.exe. Make sure you typed the name correctly and try again". I waited but nothing happened, so I clicked "OK" in the Windows message. Then the message about not being able to find hidec.exe was repeated in the ComboFix window, followed by "system cannot find the file NIRCMD.COM" three times, then just a flashing cursor. Nothing for a very long time, so thinking I had stuffed everything up, I thought I would look for the log file. Couldn't find it in the C:\ but it was in the ComboFix directory. Clicked and then found that everything I clicked gave a message saying "illegal operation on a registry key that has been marked for deletion".
Now thoroughly frightened, I rebooted, and found that things seem to be working, except that my desktop has disappeared, and Firefox is not now my default browser. I can fix that, but I wondered if ComboFix is likely to have rearranged anything else? Sorry, I guess my programmed instinct to click on the Windows "OK" button got the better of me. Here is the logfile anyway. Should I do the Kaspersky thing now, or do I need to start over? Got to sleep now - back on the case in a few hours.
ComboFix 09-07-07.A8 - Pete 08/07/2009 23:01:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3322.2093 [GMT 9:00]
Running from: C:\Users\Pete\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Pete\AppData\Roaming\inst.exe
C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
C:\WINDOWS\Installer\230ce5.msi
C:\Windows\system32\ATIODCLI.exe
C:\Windows\system32\ATIODE.exe
C:\Windows\system32\kungsfyxmccsbo.dat
C:\Windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kungsfweppmsdn
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.
2009-07-08 14:04:22 . 2009-07-08 14:04:22 0 d-----w- C:\Users\Mina\AppData\Local\temp
2009-07-08 14:04:22 . 2009-07-08 14:04:22 0 d-----w- C:\Users\Kirk and joel\AppData\Local\temp
2009-07-08 10:24:40 . 2009-07-08 10:38:28 0 d-----w- C:\rsit
2009-07-07 02:02:51 . 2009-07-07 02:03:09 0 d-----w- C:\Program Files\ERUNT
2009-07-05 04:03:39 . 2009-07-05 04:03:39 0 d-----w- C:\Program Files\Trend Micro
2009-07-03 12:13:38 . 2009-07-03 12:19:34 0 d-----w- C:\Users\Pete\AppData\Roaming\GHISLER
2009-07-03 12:13:38 . 2009-07-03 12:16:03 0 d-----w- C:\Program Files\totalcmd
2009-07-03 12:13:38 . 2008-08-07 22:04:10 545 ----a-w- C:\Windows\UC.PIF
2009-07-03 12:13:38 . 2008-08-07 22:04:10 545 ----a-w- C:\Windows\RAR.PIF
2009-07-03 12:13:38 . 2008-08-07 22:04:10 545 ----a-w- C:\Windows\PKZIP.PIF
2009-07-03 12:13:38 . 2008-08-07 22:04:10 545 ----a-w- C:\Windows\PKUNZIP.PIF
2009-07-03 12:13:38 . 2008-08-07 22:04:10 545 ----a-w- C:\Windows\NOCLOSE.PIF
2009-07-03 12:13:38 . 2008-08-07 22:04:10 545 ----a-w- C:\Windows\LHA.PIF
2009-07-03 12:13:38 . 2008-08-07 22:04:10 545 ----a-w- C:\Windows\ARJ.PIF
2009-07-02 15:30:13 . 2009-07-08 07:00:51 0 d-----w- C:\Users\Mina\AppData\Roaming\skypePM
2009-07-01 14:20:22 . 2009-07-01 14:20:22 0 d-----w- C:\Program Files\Enigma Software Group
2009-07-01 13:51:18 . 2009-07-01 22:12:44 117760 ----a-w- C:\Users\Pete\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-01 13:49:55 . 2009-07-01 13:49:55 0 d-----w- C:\ProgramData\SUPERAntiSpyware.com
2009-07-01 13:49:28 . 2009-07-01 22:12:00 0 d-----w- C:\Program Files\SUPERAntiSpyware
2009-07-01 13:49:28 . 2009-07-01 13:49:28 0 d-----w- C:\Users\Pete\AppData\Roaming\SUPERAntiSpyware.com
2009-07-01 13:48:31 . 2009-07-01 13:48:31 0 d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18:55 . 2009-07-01 10:18:55 3561743 ----a-w- C:\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 09:01:06 . 2009-07-01 10:17:36 0 d-----w- C:\ProgramData\Symantec
2009-06-30 22:09:18 . 2009-07-01 10:17:38 0 d-----w- C:\Program Files\Norton Security Scan
2009-06-20 16:05:40 . 2009-06-20 16:05:46 5589408 ----a-w- C:\Users\Pete\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
2009-06-20 16:05:40 . 2009-06-20 16:05:40 0 d-----w- C:\Users\Pete\AppData\Roaming\TVU networks
2009-06-20 13:53:01 . 2009-06-20 13:53:01 0 d-----w- C:\Windows\system32\Adobe
2009-06-18 14:25:22 . 2009-07-08 05:45:43 0 d-----w- C:\Users\Kirk and joel\AppData\Roaming\WTablet
2009-06-16 12:30:40 . 2009-06-16 12:30:58 0 d-----w- C:\Program Files\QuickTime
2009-06-16 12:30:40 . 2009-06-16 12:30:40 0 d-----w- C:\ProgramData\Apple Computer
2009-06-14 00:56:17 . 2009-04-30 12:37:57 293376 ----a-w- C:\Windows\system32\psisdecd.dll
2009-06-14 00:56:17 . 2009-04-30 12:37:48 428544 ----a-w- C:\Windows\system32\EncDec.dll
2009-06-13 11:54:56 . 2009-06-13 11:54:56 0 d-----w- C:\Users\Pete\AppData\Roaming\ImgBurn
2009-06-13 11:54:32 . 2009-06-13 11:54:36 0 d-----w- C:\Program Files\ImgBurn
2009-06-13 05:45:13 . 2009-07-08 14:14:53 0 d-----w- C:\Users\Pete\AppData\Roaming\WTablet
2009-06-13 05:44:27 . 2007-02-15 07:11:28 11440 ----a-w- C:\Windows\system32\drivers\WacomVKHid.sys
2009-06-13 05:43:19 . 2009-06-13 05:43:19 0 d-----w- C:\Windows\system32\WTablet
2009-06-13 05:43:19 . 2007-02-16 02:12:36 11312 ----a-w- C:\Windows\system32\drivers\wacommousefilter.sys
2009-06-13 05:43:19 . 2007-02-16 01:30:12 12848 ----a-w- C:\Windows\system32\drivers\wacomvhid.sys
2009-06-13 05:43:18 . 2007-09-07 02:40:04 1373480 ----a-w- C:\Windows\system32\Wacom_Tablet.exe
2009-06-13 05:43:18 . 2007-09-07 02:33:42 128296 ----a-w- C:\Windows\system32\Wacom_Tablet.dll
2009-06-13 05:43:18 . 2007-09-07 02:20:30 181544 ----a-w- C:\Windows\system32\Wintab32.dll
2009-06-13 05:43:14 . 2009-06-13 05:44:27 0 d-----w- C:\Program Files\Tablet
2009-06-10 00:33:00 . 2009-06-10 00:33:00 0 d-----w- C:\Users\Kirk and joel\AppData\Roaming\ATI
2009-06-10 00:33:00 . 2009-06-10 00:33:00 0 d-----w- C:\Users\Kirk and joel\AppData\Local\ATI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 11:43:13 . 2008-11-24 06:35:12 0 d-----w- C:\Users\Pete\AppData\Roaming\Skype
2009-07-08 11:39:57 . 2008-11-24 06:35:54 0 d-----w- C:\Users\Pete\AppData\Roaming\skypePM
2009-07-08 10:19:18 . 2009-02-01 12:34:22 0 d-----w- C:\Users\Mina\AppData\Roaming\Skype
2009-07-08 03:18:56 . 2009-06-13 07:49:11 0 d-----w- C:\Users\Mina\AppData\Roaming\WTablet
2009-07-07 01:59:46 . 2008-12-03 10:22:29 0 d-----w- C:\Users\Pete\AppData\Roaming\uTorrent
2009-07-07 01:55:33 . 2008-12-09 13:01:27 0 d-----w- C:\Users\Pete\AppData\Roaming\Shareaza
2009-07-07 01:52:43 . 2009-02-20 02:18:52 0 d-----w- C:\Users\Pete\AppData\Roaming\FrostWire
2009-07-02 11:19:49 . 2008-11-23 02:46:42 1356 ----a-w- C:\Users\Pete\AppData\Local\d3d9caps.dat
2009-07-02 03:55:46 . 2008-11-23 07:24:58 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-01 11:43:53 . 2009-05-07 12:20:23 0 d-----w- C:\ProgramData\Spybot - Search & Destroy
2009-07-01 10:19:06 . 2009-06-02 14:56:15 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-20 11:26:15 . 2009-04-06 12:54:49 0 d-----w- C:\ProgramData\Roxio
2009-06-17 02:27:56 . 2009-06-02 14:56:16 38160 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-06-17 02:27:44 . 2009-06-02 14:56:15 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-06-15 08:38:02 . 2009-04-06 12:53:45 0 d-----w- C:\ProgramData\Sonic
2009-06-13 01:23:24 . 2009-01-31 06:29:45 0 d-----w- C:\Program Files\CyberLink
2009-06-13 01:21:36 . 2009-04-06 12:50:43 0 d-----w- C:\ProgramData\SmartSound Software Inc
2009-06-08 00:15:25 . 2009-06-08 00:15:25 0 d-----w- C:\Users\Mina\AppData\Roaming\ATI
2009-06-07 12:05:21 . 2009-06-07 12:05:21 2825407 ----a-w- C:\Windows\system32\xa488515.exe
2009-06-07 12:05:21 . 2009-06-07 12:05:21 2825407 ----a-w- C:\Windows\system32\xa488171.exe
2009-06-07 11:59:26 . 2009-06-07 11:59:26 0 d-----w- C:\Users\Pete\AppData\Roaming\ATI
2009-06-07 11:59:26 . 2009-06-07 11:59:26 0 d-----w- C:\ProgramData\ATI
2009-06-07 11:08:22 . 2009-06-07 11:05:44 0 d-----w- C:\Program Files\ATI Technologies
2009-06-07 11:07:20 . 2009-06-07 11:07:20 9158 ----a-r- C:\Users\Pete\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-06-07 11:07:19 . 2009-06-07 11:07:19 0 d-----w- C:\Program Files\Common Files\ATI Technologies
2009-06-07 11:07:09 . 2009-06-07 11:07:09 0 ----a-w- C:\Windows\ativpsrm.bin
2009-06-07 11:05:41 . 2009-06-07 11:05:41 0 d-----w- C:\Program Files\ATI
2009-06-07 01:29:28 . 2009-06-07 01:29:28 0 d-----w- C:\Program Files\Focus Multimedia
2009-06-07 01:29:28 . 2009-06-06 13:03:45 0 d-----w- C:\Users\Pete\AppData\Roaming\Hemera
2009-06-06 13:04:06 . 2009-06-06 13:04:06 0 d-----w- C:\ProgramData\Hemera
2009-06-06 13:02:36 . 2009-06-06 13:02:36 0 d-----w- C:\ProgramData\GraphicsDesk
2009-06-04 08:01:36 . 2008-11-24 07:21:13 113584 ----a-w- C:\Users\Kirk and joel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-03 22:55:38 . 2008-11-24 07:14:03 113584 ----a-w- C:\Users\Mina\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-03 14:19:20 . 2009-06-03 14:19:20 0 d-----w- C:\ProgramData\onOne Software
2009-06-03 14:19:20 . 2009-06-03 14:19:20 0 d-----w- C:\Program Files\onOne Software
2009-06-03 13:52:39 . 2008-11-23 02:46:58 113584 ----a-w- C:\Users\Pete\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-03 13:52:38 . 2009-06-03 13:52:38 0 d-----w- C:\ProgramData\FLEXnet
2009-06-03 13:49:26 . 2008-11-23 07:42:01 0 d-----w- C:\Program Files\Common Files\Adobe
2009-06-03 13:48:41 . 2009-06-03 13:48:40 0 d-----w- C:\Program Files\Adobe Media Player
2009-06-03 13:47:06 . 2009-06-03 13:47:06 0 d-----w- C:\Program Files\Common Files\Adobe AIR
2009-06-03 13:43:24 . 2009-06-03 13:43:24 0 d-----w- C:\Program Files\Common Files\Macrovision Shared
2009-06-02 14:56:20 . 2009-06-02 14:56:20 0 d-----w- C:\Users\Pete\AppData\Roaming\Malwarebytes
2009-06-02 14:56:15 . 2009-06-02 14:56:15 0 d-----w- C:\ProgramData\Malwarebytes
2009-06-02 12:26:00 . 2009-06-02 12:26:00 0 d-----w- C:\Users\Pete\AppData\Roaming\onOne Software
2009-06-02 12:00:39 . 2009-06-02 12:00:40 248401479 ----a-w- C:\Windows\system32\xa103059437.exe
2009-06-02 12:00:39 . 2009-06-02 12:00:31 248401479 ----a-w- C:\Windows\system32\xa103051062.exe
2009-06-01 12:25:12 . 2009-06-01 12:24:32 0 d-----w- C:\Program Files\Quest3D Viewers 3.0e
2009-06-01 12:24:10 . 2009-06-01 12:24:10 2825407 ----a-w- C:\Windows\system32\xa18066078.exe
2009-06-01 12:24:10 . 2009-06-01 12:24:10 2825407 ----a-w- C:\Windows\system32\xa18065640.exe
2009-05-28 11:14:07 . 2009-02-20 03:37:20 0 d-----w- C:\Program Files\Sony
2009-05-28 11:13:54 . 2009-02-20 03:38:03 0 d-----w- C:\ProgramData\Sony Corporation
2009-05-24 11:53:16 . 2009-05-24 11:53:16 0 d-----w- C:\Program Files\Common Files\CASIO
2009-05-24 11:52:57 . 2009-05-24 11:52:57 0 d-----w- C:\Users\Pete\AppData\Roaming\InstallShield
2009-05-24 06:25:37 . 2009-02-20 03:36:27 0 d-----w- C:\Users\Pete\AppData\Roaming\Sony Corporation
2009-05-24 06:25:07 . 2009-04-06 12:51:18 0 d-----w- C:\Program Files\Common Files\PX Storage Engine
2009-05-24 06:24:48 . 2009-02-20 03:36:26 0 d-----w- C:\Program Files\Common Files\Sony Shared
2009-05-24 06:16:57 . 2009-05-24 06:16:30 0 d-----w- C:\ProgramData\WinZip
2009-05-24 05:55:35 . 2009-05-24 05:55:35 29926 ----a-r- C:\Users\Pete\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2009-05-24 05:55:35 . 2009-05-24 05:55:35 29422 ----a-r- C:\Users\Pete\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-05-23 05:51:09 . 2009-05-23 03:10:08 0 d-----w- C:\Program Files\QCP Converter
2009-05-23 03:35:21 . 2009-05-23 03:35:21 200 ----a-w- C:\Windows\QCPC80UI.dat
2009-05-22 14:45:33 . 2009-05-22 14:45:33 0 d-----w- C:\ProgramData\NCH Software
2009-05-22 14:45:28 . 2009-03-23 06:40:47 0 d-----w- C:\Program Files\NCH Software
2009-05-21 11:49:44 . 2009-03-22 12:40:25 0 d-----w- C:\Program Files\Foxit Software
2009-05-16 14:04:35 . 2008-12-26 08:23:33 65144 ----a-w- C:\Windows\system32\drivers\catflt.sys
2009-05-14 09:24:35 . 2009-02-17 10:54:30 0 d-----w- C:\Users\Kirk and joel\AppData\Roaming\Skype
2009-05-13 15:05:26 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-05-13 14:53:50 . 2009-05-13 14:53:49 0 d-----w- C:\Program Files\Microsoft IntelliType Pro
2009-05-13 14:41:05 . 2009-05-13 14:33:14 0 d--h--w- C:\Program Files\Temp
2009-05-13 14:40:12 . 2008-11-23 07:25:00 319456 ----a-w- C:\Windows\DIFxAPI.dll
2009-05-13 14:40:05 . 2009-05-13 14:40:05 0 d-----w- C:\Program Files\Realtek
2009-05-13 14:29:10 . 2008-11-23 06:13:33 0 d-----w- C:\Program Files\Intel
2009-05-07 11:04:57 . 2009-05-07 11:04:57 30240 ----a-w- C:\Windows\system32\VRVD302.dll
2009-05-07 11:04:57 . 2009-05-07 11:04:57 11296 ----a-w- C:\Windows\system32\drivers\VRVD302.sys
2009-05-04 06:07:32 . 2009-05-06 01:09:33 2298680 ----a-w- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\7gkm3v1d.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-04-24 16:05:41 . 2009-06-11 00:18:10 827904 ----a-w- C:\Windows\system32\wininet.dll
2009-04-24 16:02:34 . 2009-06-11 00:18:08 78336 ----a-w- C:\Windows\system32\ieencode.dll
2009-04-24 13:44:28 . 2009-06-11 00:18:08 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-04-23 16:43:36 . 2009-06-08 12:15:38 95544 ----a-w- C:\Windows\system32\drivers\AtiHdmi.sys
2009-04-23 12:43:04 . 2009-06-11 00:18:21 784896 ----a-w- C:\Windows\system32\rpcrt4.dll
2009-04-23 12:42:53 . 2009-06-11 00:18:19 636928 ----a-w- C:\Windows\system32\localspl.dll
2009-04-21 11:55:06 . 2009-06-11 00:18:17 2033152 ----a-w- C:\Windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 02:23:29 1233920]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 08:58:37 39408]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 09:51:28 3885408]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-01-29 05:01:36 23975720]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184]
"X2net Smart Address Monitor"="C:\Program Files\X2Net\Smart Address\smartadr.exe" [2006-09-10 02:29:44 5533696]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 12:35:35 176128]
"Email Protection"="C:\PROGRA~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2008-12-26 08:23:33 267640]
"Update Scheduler"="C:\PROGRA~1\QUICKH~1\QUICKH~1\UPSCHD.EXE" [2008-12-26 08:23:39 95608]
"On-Line Protection"="C:\PROGRA~1\QUICKH~1\QUICKH~1\CATEYE.EXE" [2009-05-16 14:04:35 210296]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-12-19 22:50:34 2656528]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-13 15:23:54 240112]
"CPMonitor"="C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe" [2009-04-20 15:10:48 84464]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-05 10:26:36 148888]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 08:34:30 6724128]
"Skytel"="C:\Program Files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 08:35:02 1833504]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 03:23:52 1496968]
"AdobeCS4ServiceManager"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 22:58:34 611712]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 08:11:14 61440]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 08:18:30 413696]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-2 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 01:13:36 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 03:05:34 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7752AF7B-30D1-47D9-81E3-0A26BDCBF68A}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{210DE7A2-BA94-4C1E-A751-F0C18389FA59}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1268BBA0-D4A6-4409-9328-3F6A03A65DCB}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{3C181503-DEE3-4B2B-AB73-0502BA55498A}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{8D00C49A-D8A8-4B4D-8B58-815551BC30B9}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{6C027501-6927-4BDA-AFF4-9E07BBBC1A18}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{43146211-AB60-432F-ADBA-7C17F75CD1F2}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{713524FB-A17A-4268-BE02-C3DCF22A3C13}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9DC94425-F210-4E6B-BE64-D3E20A6AB7BB}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2B4FAA6C-3077-4BD7-BA0A-F848D70AAF96}C:\\program files\\videospeedy\\vspeedclient.exe"= UDP:C:\program files\videospeedy\vspeedclient.exe:VSpeedClient
"UDP Query User{BBDC43F6-66DC-4781-8A4E-91787BEADB20}C:\\program files\\videospeedy\\vspeedclient.exe"= TCP:C:\program files\videospeedy\vspeedclient.exe:VSpeedClient
"TCP Query User{01B01298-D832-4F0E-8B70-71907E926FA2}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{37F53D91-71FC-4DFD-968F-343A0B2AF2AD}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{39669D4A-3D32-488D-8C8A-D052FD13247D}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{23797C55-FC52-4D85-ADEF-F1C7FEBB81FA}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{1B9E13C4-7C8E-44BF-A994-A37655A0FC6F}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{6D91AAD8-4215-49B2-9F67-2EABC652F948}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{A639002D-69EB-414E-844C-AC62AB58F40C}"= UDP:6881:forutorrent
"{D4AD7FEE-715C-4C47-BD2F-11C433FA8D73}"= TCP:6881:utorrent
"TCP Query User{EFFCBF84-FC31-42E3-A529-865786997B5F}C:\\windows\\system32\\electricsheep.scr"= UDP:C:\windows\system32\electricsheep.scr:ElectricSheep
"UDP Query User{1B098215-3038-4D4E-A624-68CFCCC4CC98}C:\\windows\\system32\\electricsheep.scr"= TCP:C:\windows\system32\electricsheep.scr:ElectricSheep
"TCP Query User{A768315E-465E-4246-B220-E90569C04CF0}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{E34B0491-6F83-4979-9584-74FFEB9C0357}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{3D4E3BA9-A048-4D05-A252-3E4A74A07DF5}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{B8331415-1B4C-4131-BF07-C6F2E3B8A4D6}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{13904191-01FF-4F32-9E41-8246492191F8}C:\\users\\pete\\desktop\\keygen.genuine.fractals.6.0.exe"= UDP:C:\users\pete\desktop\keygen.genuine.fractals.6.0.exe:keygen.genuine.fractals.6.0.exe
"UDP Query User{57061AB0-81D4-416D-87D9-A0121A60125A}C:\\users\\pete\\desktop\\keygen.genuine.fractals.6.0.exe"= TCP:C:\users\pete\desktop\keygen.genuine.fractals.6.0.exe:keygen.genuine.fractals.6.0.exe
"{CE262FBD-E9A0-4655-B896-384615A26CBA}"= UDP:5353:Adobe CSI CS4
"{66E75643-5064-4E3A-BB1C-DC667B3C10A1}"= UDP:C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{2AEB4671-208E-4ADB-8FAC-22235D13BEB2}"= TCP:C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [31/01/2009 15:35:12 10368]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [18/10/2007 21:22:02 143360]
R1 c2scsi;c2scsi;C:\Windows\System32\drivers\C2SCSI.SYS [11/08/2008 11:03:24 254320]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05:54 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05:52 72944]
R1 StarPortLite;StarPort Storage Controller (Lite);C:\Windows\System32\drivers\StarPortLite.sys [18/01/2009 17:11:42 93544]
R2 catflt;catflt;C:\Windows\System32\drivers\catflt.sys [26/12/2008 17:23:33 65144]
R2 EMLSS;EMLSS;C:\Windows\System32\drivers\EMLTDI.SYS [26/12/2008 17:23:39 28656]
R2 Online Protection System;Online Protection System;C:\PROGRA~1\QUICKH~1\QUICKH~1\opssvc.exe [26/12/2008 17:23:33 17272]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;C:\Program Files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROXY.EXE [26/12/2008 17:23:33 50552]
R2 Quick Update Service;Quick Update Service;C:\PROGRA~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [26/12/2008 17:23:33 58744]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [07/05/2009 21:20:25 1153368]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [13/06/2009 14:43:18 1373480]
R2 VRAID Log Service;VRAID Log Service;C:\Program Files\VIA\RAID\vialogsv.exe [12/01/2009 11:04:00 52888]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\Windows\System32\drivers\AtiHdmi.sys [08/06/2009 21:15:38 95544]
R3 VRVD302;VRVD302;C:\Windows\System32\drivers\VRVD302.sys [07/05/2009 20:04:57 11296]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [14/08/2008 00:25:24 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [14/08/2008 00:24:06 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [14/08/2008 00:24:02 170480]
S3 ck09bus;au CA001;C:\Windows\System32\drivers\ck09bus.sys [24/05/2009 20:53:16 83328]
S3 ck09diag;_au CA001 Serial Port (WDM);C:\Windows\System32\drivers\ck09diag.sys [24/05/2009 20:53:16 98176]
S3 ck09mdfl;au CA001 Modem Filter;C:\Windows\System32\drivers\ck09mdfl.sys [24/05/2009 20:53:16 14848]
S3 ck09mdm;au CA001 Modem Drivers;C:\Windows\System32\drivers\ck09mdm.sys [24/05/2009 20:53:16 109696]
S3 DrmCAudio;DrmCAudio;C:\Windows\System32\drivers\DrmCAudio.sys [23/03/2009 15:13:32 23096]
S3 DrmCVideo;DrmCVideo;C:\Windows\System32\drivers\DrmCVideo.sys [23/03/2009 15:13:32 3768]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [21/03/2009 21:17:00 55280]
S3 fsssvc;Windows Live Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08:58 533360]
S3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);C:\Windows\System32\drivers\idcphid.sys [11/12/2008 10:28:40 16256]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [14/08/2008 00:25:20 313840]
S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [08/01/2009 15:52:48 1122304]
S3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05:56 7408]
1) Then in the blue window a line appeared saying "The system cannot find the file C:\Combofix\NirCmd.cfexe". Simultaneously, a Windows error message popped up saying "Windows cannot find hidec.exe".
2) My desktop has disappeared, and Firefox is no longer my default browser.
3) Sorry, I guess my programmed instinct to click on windows "OK" button got the better of me.
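Added example (not part of this thread and not a ComboFix component): a small Python triage script that reads a ComboFix log excerpt and pulls out the signals a helper looks for first in the log above, namely firewall exceptions for binaries in user-writable locations or with "keygen"/"crack" in the name, the `EnableFirewall`/`AntiVirusOverride` policy values, generated-looking file names under system32, and files that share a size and creation time under different names (the `xa488515.exe`/`xa488171.exe` pair). The sample lines are copied from the log posted above; the function and pattern names are my own.

```python
"""Triage a ComboFix log excerpt for the signals a helper reads first."""
import re
from collections import defaultdict

# Find3M rows are printed as: created . modified size attributes path
FILE_ROW = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$")
# FirewallRules values are printed as: "name"= [TCP:|UDP:]<path or port>:<description>
FW_RULE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?(?P<rest>.+)$')
USER_WRITABLE = re.compile(r"\\(users|documents and settings|appdata|temp|desktop)\\", re.I)
CRACK_TOOL = re.compile(r"keygen|crack", re.I)
GENERATED_NAME = re.compile(r"^[a-z]{1,3}\d{5,}\.(exe|dll|dat)$", re.I)


def parse_firewall_rule(line):
    """Split one FirewallRules line into name, protocol, path or port, and description."""
    m = FW_RULE.match(line)
    if not m:
        return None
    target, _, desc = m.group("rest").rpartition(":")   # last ':' separates the description
    rule = {"name": m.group("name"), "proto": m.group("proto"), "desc": desc,
            "path": None, "port": None}
    if target.isdigit():
        rule["port"] = int(target)
    else:
        rule["path"] = target
    return rule


def triage(lines):
    """Return a list of (severity, message) findings for the given log lines."""
    findings, section, by_size = [], "", defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if line.startswith("["):                      # registry section header
            section = line.lower()
            continue
        if re.match(r'^"EnableFirewall"=\s*0\b', line):
            findings.append(("high", f"Windows Firewall disabled in {section}"))
        elif re.match(r'^"AntiVirusOverride"=dword:0*1$', line):
            findings.append(("medium", "Security Center antivirus warnings suppressed"))
        elif "firewallrules" in section and (rule := parse_firewall_rule(line)):
            target = rule["path"] or rule["desc"]
            if rule["path"] and USER_WRITABLE.search(rule["path"]):
                findings.append(("medium", f"firewall exception for binary in user-writable path: {rule['path']}"))
            if CRACK_TOOL.search(target):
                findings.append(("high", f"firewall exception for cracking tool: {target}"))
        elif (row := FILE_ROW.match(line)):
            path = row.group("path")
            name = path.rsplit("\\", 1)[-1]
            if "\\system32\\" in path.lower() and GENERATED_NAME.match(name):
                findings.append(("medium", f"generated-looking file name in system32: {path}"))
            by_size[(row.group("size"), row.group("created"))].append(path)
    for (size, created), paths in by_size.items():
        if len(paths) > 1:   # same size and creation time under different names: typical dropper pairs
            findings.append(("low", f"{len(paths)} files share size {size} and creation time {created}: {', '.join(paths)}"))
    return findings


# Sample lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
2009-06-07 12:05:21 . 2009-06-07 12:05:21 2825407 ----a-w- C:\Windows\system32\xa488515.exe
2009-06-07 12:05:21 . 2009-06-07 12:05:21 2825407 ----a-w- C:\Windows\system32\xa488171.exe
2009-06-17 02:27:44 . 2009-06-02 14:56:15 19096 ----a-w- C:\Windows\system32\drivers\mbam.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7752AF7B-30D1-47D9-81E3-0A26BDCBF68A}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D4AD7FEE-715C-4C47-BD2F-11C433FA8D73}"= TCP:6881:utorrent
"TCP Query User{13904191-01FF-4F32-9E41-8246492191F8}C:\\users\\pete\\desktop\\keygen.genuine.fractals.6.0.exe"= UDP:C:\users\pete\desktop\keygen.genuine.fractals.6.0.exe:keygen.genuine.fractals.6.0.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''.strip().splitlines()

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Feed it the whole log with `triage(open("ComboFix.txt", encoding="utf-8", errors="replace").read().splitlines())`. The patterns are deliberately crude: a user-writable path or a clone pair is a prompt to look, not proof of infection, and the keygen rule is flagged because a cracking tool that asked for a firewall exception was talking to the network.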
1) Those are all ComboFix files; it's possible that your antivirus reactivated and deleted them.
2) Yes, ComboFix did that. I wouldn't restore them until after we have finished cleaning, though.
3) That's probably what got you infected in the first place :lol:
Please run the Kaspersky scan now and post the log :)
Hi, just wondering if you are online now for a quick question. Kaspersky has now been running for 9 hours 40 mins, and is coming to the end of my last drive. It shows the scan as 98% complete, but has been stuck there for over an hour while scanning an inbox.dbx file located within a 200 MB .bkf backup file of local settings (from my last machine), which I am fairly sure I no longer need. I saw something about Kaspersky not being able to scan Outlook databases and wondered if things have ground to a halt? I suppose it would skew things up if I just deleted this file? Or if I stopped the scan, would I be able to see the report so far, then delete the .bkf file and start a new scan for the remainder? So far there are 3 "threat names" and 4 "infected objects" reported in red. Or should I just be patient...? :banghead:
I've seen lots of Kaspersky logs that had inbox.dbx in them, so it should be able to scan it.
Give it a bit longer, and if it still hasn't moved then you can cancel and still get a log.
I gave it a couple more hours, still stuck, so tried the View Log button. It gave me the locations of 4 things it had found, none on C:\, though one was apparently a worm, and one was "not-a-virus"! Anyway, the Save Log button was greyed out, and I lost it! I have now got rid of the file which seemed to be causing the problem (maybe it was corrupted?) and will run the scan again overnight, posting results as soon as I can.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 10, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 09, 2009 12:59:55
Records in database: 2449369
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
B:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
Scan statistics:
Files scanned: 185132
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 04:31:20
File name / Threat name / Threats count
C:\oldXPDocuments and Settings\oldXPPete\My Documents\Outlook Expressinbox2008\Deleted Items.dbx Infected: Worm.Win32.AutoRun.qma 1
C:\oldXPDocuments and Settings\oldXPPete\My Documents\Outlook Expressinbox2008\Deleted Items.dbx Infected: Trojan-Downloader.Win32.Exchanger.agc 1
C:\transferred frrom Maxtor\Drivers and installs\NewXPkey.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 2
The selected area was scanned.
C:\transferred frrom Maxtor\Drivers and installs\NewXPkey.zip
Do you know what this is?
Not too sure, to be honest, but I THINK it may be a utility I used to retrieve license keys once when I had to reinstall everything. I had an awful lot of problems a couple of years back, couldn't remember what had been preinstalled on my system, couldn't find which disk/backup/license key matched what. The name and location suggest more that it is used for creating a key though; it may have already been on the system when I got it, or may have been something I got hold of when I was trying to figure out what to do at the time. Do you think anything can be trusted if it is labeled "not a virus"?!
I should probably delete the whole "deleted items.dbx" file and the XPkey thing do you think? This is backup stuff from quite a while back, when I moved over to the new machine - I didn't realise they were still lurking around. Or should they be shredded?
Information
1) Do you think anything can be trusted if it is labeled "not a virus"?!
2) I should probably delete the whole "deleted items.dbx" file and the XPkey thing do you think?
1) I wouldn't trust anything that has "XPkey" in the name.
2) Don't worry, I'll remove them safely
----------------------------------------------------------------------------------------
Step 1
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
C:\oldXPDocuments and Settings\oldXPPete\My Documents\Outlook Expressinbox2008\Deleted Items.dbx
C:\transferred frrom Maxtor\Drivers and installs\NewXPkey.zip
Folder::
C:\Users\Pete\AppData\Roaming\uTorrent
C:\Users\Pete\AppData\Roaming\Shareaza
C:\Users\Pete\AppData\Roaming\FrostWire
Driver::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6C027501-6927-4BDA-AFF4-9E07BBBC1A18}"=-
"{43146211-AB60-432F-ADBA-7C17F75CD1F2}"=-
"TCP Query User{1B9E13C4-7C8E-44BF-A994-A37655A0FC6F}C:\\program files\\frostwire\\frostwire.exe"=-
"UDP Query User{6D91AAD8-4215-49B2-9F67-2EABC652F948}C:\\program files\\frostwire\\frostwire.exe"=-
"{A639002D-69EB-414E-844C-AC62AB58F40C}"=-
"{D4AD7FEE-715C-4C47-BD2F-11C433FA8D73}"=-
"TCP Query User{13904191-01FF-4F32-9E41-8246492191F8}C:\\users\\pete\\desktop\\keygen.genuine.fractals.6.0.exe"=-
"UDP Query User{57061AB0-81D4-416D-87D9-A0121A60125A}C:\\users\\pete\\desktop\\keygen.genuine.fractals.6.0.exe"=-
ADS::
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
----------------------------------------------------------------------------------------
Step 2
Disable resident protections (Antivirus...); you'll re-enable them after the scan
Download Lop S&D here (http://eric.71.mespages.googlepages.com/LopSD.exe)
Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)
----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Combofix Log
Lop SD Log
How are things running now?
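Added example (my own code, not part of this thread or of ComboFix): a Python parser for the CFScript format used in Step 1 above, which splits the script into its `File::`, `Folder::`, `Driver::`, `Registry::` and `ADS::` sections, flags any File/Folder/Driver entry that would land inside `C:\Windows` or `C:\Program Files` (where a typo can take out something the system needs), and afterwards cross-checks the File/Folder entries against the "Other Deletions" block of the ComboFix log to confirm the script actually took effect. ComboFix lowercases parts of the paths it prints, so the comparison is case-insensitive. The sample script and deletion lines are the ones posted in this thread, trimmed to a few entries; `parse_cfscript`, `risky_entries` and `check_applied` are names I chose.

```python
"""Parse a ComboFix CFScript.txt and confirm its deletions against the resulting log."""
import re

SECTION = re.compile(r"^([A-Za-z]+)::$")             # e.g. File::  Folder::  Registry::
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")        # [HKLM\...]
REG_DELETE = re.compile(r'^"(?P<value>.+)"=-$')       # "name"=-  removes that value
PROTECTED = re.compile(r"^[a-z]:\\(windows|program files)(\\|$)", re.I)


def parse_cfscript(text):
    """Return {section: entries}. File/Folder/Driver/ADS entries are raw paths;
    Registry entries are (key, value) pairs marked for deletion."""
    script, section, key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1), None
            script.setdefault(section, [])
            continue
        if section is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if section == "Registry":
            k = REG_KEY.match(line)
            if k:
                key = k.group("key")
                continue
            d = REG_DELETE.match(line)
            if d is None or key is None:
                raise ValueError(f"unsupported Registry:: line: {line!r}")
            script[section].append((key, d.group("value")))
        else:
            script[section].append(line)
    return script


def risky_entries(script):
    """Paths the script would delete inside Windows or Program Files."""
    return [p for sec in ("File", "Folder", "Driver")
            for p in script.get(sec, []) if PROTECTED.match(p)]


def check_applied(script, combofix_log):
    """Split File::/Folder:: entries into those that appear in the log's
    'Other Deletions' block and those that do not."""
    deleted = {l.strip().lower() for l in combofix_log.splitlines()}
    confirmed, missing = [], []
    for p in script.get("File", []) + script.get("Folder", []):
        (confirmed if p.lower() in deleted else missing).append(p)
    return confirmed, missing


# Script and deletion lines below are taken from this thread, trimmed.
SCRIPT = r"""
File::
C:\oldXPDocuments and Settings\oldXPPete\My Documents\Outlook Expressinbox2008\Deleted Items.dbx
C:\transferred frrom Maxtor\Drivers and installs\NewXPkey.zip
Folder::
C:\Users\Pete\AppData\Roaming\uTorrent
C:\Users\Pete\AppData\Roaming\Shareaza
C:\Users\Pete\AppData\Roaming\FrostWire
Driver::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6C027501-6927-4BDA-AFF4-9E07BBBC1A18}"=-
"{43146211-AB60-432F-ADBA-7C17F75CD1F2}"=-
"TCP Query User{1B9E13C4-7C8E-44BF-A994-A37655A0FC6F}C:\\program files\\frostwire\\frostwire.exe"=-
ADS::
"""

DELETIONS = r"""
c:\oldxpdocuments and settings\oldXPPete\My Documents\Outlook Expressinbox2008\Deleted Items.dbx
c:\transferred frrom maxtor\Drivers and installs\NewXPkey.zip
c:\users\Pete\AppData\Roaming\FrostWire
c:\users\Pete\AppData\Roaming\FrostWire\frostwire.props
c:\users\Pete\AppData\Roaming\Shareaza
c:\users\Pete\AppData\Roaming\uTorrent
-------\Service_kungsfweppmsdn
"""

if __name__ == "__main__":
    script = parse_cfscript(SCRIPT)
    for sec, entries in script.items():
        print(f"{sec}:: {len(entries)} entries")
    print("risky:", risky_entries(script))
    confirmed, missing = check_applied(script, DELETIONS)
    print("confirmed:", len(confirmed), "missing:", missing)
```

Run `risky_entries` on the script before dragging it onto ComboFix, and `check_applied` on the log it produces afterwards; a non-empty `missing` list means an entry was mistyped or the file was already gone, which is worth knowing before deciding the machine is clean.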
Ready to go, but just thought I would check before I start. Last time I ran ComboFix, something weird happened which you said might have been caused by my antivirus deleting some of its files. Quickheal may have activated on reboot, an option I have now disabled. I thought it might be better to redownload ComboFix in case something is missing, or does it now hold some essential system-specific information? Or am I just thinking too much?
I thought it might be better to redownload ComboFix
It will certainly be better to download a fresh copy :)
ComboFix 09-07-09.08 - Pete 10/07/2009 23:28.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3322.1923 [GMT 9:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
Command switches used :: c:\users\Pete\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\oldxpdocuments and settings\oldXPPete\My Documents\Outlook Expressinbox2008\Deleted Items.dbx"
"c:\transferred frrom maxtor\Drivers and installs\NewXPkey.zip"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\oldxpdocuments and settings\oldXPPete\My Documents\Outlook Expressinbox2008\Deleted Items.dbx
c:\transferred frrom maxtor\Drivers and installs\NewXPkey.zip
c:\users\Pete\AppData\Roaming\FrostWire
c:\users\Pete\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\users\Pete\AppData\Roaming\FrostWire\checkandupdate.txt
c:\users\Pete\AppData\Roaming\FrostWire\createtimes.cache
c:\users\Pete\AppData\Roaming\FrostWire\downloads.dat
c:\users\Pete\AppData\Roaming\FrostWire\fileurns.cache
c:\users\Pete\AppData\Roaming\FrostWire\filters.props
c:\users\Pete\AppData\Roaming\FrostWire\frostwire.props
c:\users\Pete\AppData\Roaming\FrostWire\gnutella.net
c:\users\Pete\AppData\Roaming\FrostWire\installation.props
c:\users\Pete\AppData\Roaming\FrostWire\intent.props
c:\users\Pete\AppData\Roaming\FrostWire\library.dat
c:\users\Pete\AppData\Roaming\FrostWire\mojito.props
c:\users\Pete\AppData\Roaming\FrostWire\questions.props
c:\users\Pete\AppData\Roaming\FrostWire\responses.cache
c:\users\Pete\AppData\Roaming\FrostWire\simpp.xml
c:\users\Pete\AppData\Roaming\FrostWire\spam.dat
c:\users\Pete\AppData\Roaming\FrostWire\tables.props
c:\users\Pete\AppData\Roaming\FrostWire\themes\frostwirePro_theme.fwtp
c:\users\Pete\AppData\Roaming\FrostWire\themes\frostwirePro_theme\theme.txt
c:\users\Pete\AppData\Roaming\FrostWire\themes\frostwirePro_theme\version.txt
c:\users\Pete\AppData\Roaming\FrostWire\ttrees.cache
c:\users\Pete\AppData\Roaming\FrostWire\ttroot.cache
c:\users\Pete\AppData\Roaming\FrostWire\version.xml
c:\users\Pete\AppData\Roaming\FrostWire\xml\data\audio.sxml2
c:\users\Pete\AppData\Roaming\FrostWire\xml\data\video.sxml2
c:\users\Pete\AppData\Roaming\Shareaza
c:\users\Pete\AppData\Roaming\Shareaza\Torrents\The.Devils.Whore.Part4.HDTV.XviD-BiA.avi.torrent
c:\users\Pete\AppData\Roaming\uTorrent
c:\users\Pete\AppData\Roaming\uTorrent\2005 - Have a Nice Day.torrent
c:\users\Pete\AppData\Roaming\uTorrent\20081206-2.torrent
c:\users\Pete\AppData\Roaming\uTorrent\A candle for Judith.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Abbey Road.torrent
c:\users\Pete\AppData\Roaming\uTorrent\acs.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Adobe Photoshop CS4 Extended [CLEAN] [blaze69].7z.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Band of Brothers - all 10 episodes.DVDrip.Eng.(Opt NL Subs).WS.XviD-Relicdude.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Bon Jovi - Have A Nice Day -Japan Tour Edition- - 320Kbps - Demon's Eye.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Bon Jovi - Have A Nice Day (2005).torrent
c:\users\Pete\AppData\Roaming\uTorrent\CCR Chronicle, Vol. 1 - The 20 Greatest Hits.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Clannad-The Best Of.torrent
c:\users\Pete\AppData\Roaming\uTorrent\ComicStripDVD2.iso.torrent
c:\users\Pete\AppData\Roaming\uTorrent\ComicStripDVD3.iso.torrent
c:\users\Pete\AppData\Roaming\uTorrent\ComicStripDVD4.iso.torrent
c:\users\Pete\AppData\Roaming\uTorrent\ComicStripDVD5.iso.torrent
c:\users\Pete\AppData\Roaming\uTorrent\ComicStripDVD6.iso.torrent
c:\users\Pete\AppData\Roaming\uTorrent\ComicStripDVD7.iso.torrent
c:\users\Pete\AppData\Roaming\uTorrent\ComicStripDVD8.iso.torrent
c:\users\Pete\AppData\Roaming\uTorrent\ComicStripSVS1.ISO.torrent
c:\users\Pete\AppData\Roaming\uTorrent\dht.dat
c:\users\Pete\AppData\Roaming\uTorrent\Jason Mraz We Sing, We Dance, We Steal Things 2008.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Lynyrd Skynyrd - The Essential.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Meerkat Manor - Season 3.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Meerkat Manor Season 1.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Meerkat Manor Season 2.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Midnight Special v2.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Mr Bean - Complete Mr Bean On One DVD.torrent
c:\users\Pete\AppData\Roaming\uTorrent\resume.dat
c:\users\Pete\AppData\Roaming\uTorrent\Roxio Creator 2009 Keygen.exe.torrent
c:\users\Pete\AppData\Roaming\uTorrent\ROXIO CREATOR 2009.rar.torrent
c:\users\Pete\AppData\Roaming\uTorrent\rss.dat
c:\users\Pete\AppData\Roaming\uTorrent\settings.dat
c:\users\Pete\AppData\Roaming\uTorrent\Sky Angel Vol. 64 - Kyoka Ishiguro, Izumi Mori (SKY102).avi.torrent
c:\users\Pete\AppData\Roaming\uTorrent\Slade - Feel The Noize [Greatest Hits].torrent
c:\users\Pete\AppData\Roaming\uTorrent\Stock Photo Clip Art 100000 Pics (7CDs).torrent
c:\users\Pete\AppData\Roaming\uTorrent\The Beach boys - Greatest hits.torrent
c:\users\Pete\AppData\Roaming\uTorrent\The Beatles - Sgt. Pepper's Lonely Hearts Club Band.torrent
c:\users\Pete\AppData\Roaming\uTorrent\The Very Best Of T Rex (MP3 VBR V0).torrent
c:\users\Pete\AppData\Roaming\uTorrent\The.Devils.Whore.Part1.HDTV.XviD-BiA.avi.torrent
c:\users\Pete\AppData\Roaming\uTorrent\utorrent-help.zip
c:\users\Pete\AppData\Roaming\uTorrent\utorrent.chm
c:\users\Pete\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Pete\AppData\Roaming\uTorrent\Zeitgeist.Remastered.Edition.2007.DVDRip.XviD.torrent
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
---- Previous Run -------
.
c:\users\Pete\AppData\Roaming\inst.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Installer\230ce5.msi
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\windows\system32\kungsfyxmccsbo.dat
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kungsfweppmsdn
((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.
2009-07-10 14:32 . 2009-07-10 14:32 -------- d-----w- c:\users\Kirk and joel\AppData\Local\temp
2009-07-09 00:03 . 2009-07-09 00:03 -------- d-----w- c:\windows\Sun
2009-07-07 02:02 . 2009-07-07 02:03 -------- d-----w- c:\program files\ERUNT
2009-07-05 04:03 . 2009-07-05 04:03 -------- d-----w- c:\program files\Trend Micro
2009-07-03 12:13 . 2009-07-03 12:19 -------- d-----w- c:\users\Pete\AppData\Roaming\GHISLER
2009-07-03 12:13 . 2009-07-03 12:16 -------- d-----w- c:\program files\totalcmd
2009-07-03 12:13 . 2008-08-07 22:04 545 ----a-w- c:\windows\UC.PIF
2009-07-03 12:13 . 2008-08-07 22:04 545 ----a-w- c:\windows\RAR.PIF
2009-07-03 12:13 . 2008-08-07 22:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-07-03 12:13 . 2008-08-07 22:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-07-03 12:13 . 2008-08-07 22:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-07-03 12:13 . 2008-08-07 22:04 545 ----a-w- c:\windows\LHA.PIF
2009-07-03 12:13 . 2008-08-07 22:04 545 ----a-w- c:\windows\ARJ.PIF
2009-07-02 15:30 . 2009-07-10 07:01 -------- d-----w- c:\users\Mina\AppData\Roaming\skypePM
2009-07-01 14:20 . 2009-07-01 14:20 -------- d-----w- c:\program files\Enigma Software Group
2009-07-01 13:51 . 2009-07-01 22:12 117760 ----a-w- c:\users\Pete\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-01 13:49 . 2009-07-01 13:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-01 13:49 . 2009-07-01 22:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-01 13:49 . 2009-07-01 13:49 -------- d-----w- c:\users\Pete\AppData\Roaming\SUPERAntiSpyware.com
2009-07-01 13:48 . 2009-07-01 13:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 10:18 . 2009-07-01 10:18 3561743 ----a-w- c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-01 09:01 . 2009-07-01 10:17 -------- d-----w- c:\programdata\Symantec
2009-06-30 22:09 . 2009-07-01 10:17 -------- d-----w- c:\program files\Norton Security Scan
2009-06-20 16:05 . 2009-06-20 16:05 5589408 ----a-w- c:\users\Pete\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
2009-06-20 16:05 . 2009-06-20 16:05 -------- d-----w- c:\users\Pete\AppData\Roaming\TVU networks
2009-06-20 13:53 . 2009-06-20 13:53 -------- d-----w- c:\windows\system32\Adobe
2009-06-18 14:25 . 2009-07-08 05:45 -------- d-----w- c:\users\Kirk and joel\AppData\Roaming\WTablet
2009-06-16 12:30 . 2009-06-16 12:30 -------- d-----w- c:\program files\QuickTime
2009-06-16 12:30 . 2009-06-16 12:30 -------- d-----w- c:\programdata\Apple Computer
2009-06-14 00:56 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-14 00:56 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 11:54 . 2009-06-13 11:54 -------- d-----w- c:\users\Pete\AppData\Roaming\ImgBurn
2009-06-13 11:54 . 2009-06-13 11:54 -------- d-----w- c:\program files\ImgBurn
2009-06-13 05:45 . 2009-07-10 14:48 -------- d-----w- c:\users\Pete\AppData\Roaming\WTablet
2009-06-13 05:44 . 2007-02-15 07:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2009-06-13 05:43 . 2009-06-13 05:43 -------- d-----w- c:\windows\system32\WTablet
2009-06-13 05:43 . 2007-02-16 02:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2009-06-13 05:43 . 2007-02-16 01:30 12848 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2009-06-13 05:43 . 2007-09-07 02:40 1373480 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2009-06-13 05:43 . 2007-09-07 02:33 128296 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2009-06-13 05:43 . 2007-09-07 02:20 181544 ----a-w- c:\windows\system32\Wintab32.dll
2009-06-13 05:43 . 2009-06-13 05:44 -------- d-----w- c:\program files\Tablet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 14:20 . 2009-02-01 12:34 -------- d-----w- c:\users\Mina\AppData\Roaming\Skype
2009-07-10 13:04 . 2008-11-24 06:35 -------- d-----w- c:\users\Pete\AppData\Roaming\Skype
2009-07-10 07:02 . 2008-11-24 06:35 -------- d-----w- c:\users\Pete\AppData\Roaming\skypePM
2009-07-09 09:00 . 2009-06-13 07:49 -------- d-----w- c:\users\Mina\AppData\Roaming\WTablet
2009-07-08 23:48 . 2008-11-23 02:46 2032 ----a-w- c:\users\Pete\AppData\Local\d3d9caps.dat
2009-07-02 03:55 . 2008-11-23 07:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-01 11:43 . 2009-05-07 12:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-01 10:19 . 2009-06-02 14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 11:26 . 2009-04-06 12:54 -------- d-----w- c:\programdata\Roxio
2009-06-17 02:27 . 2009-06-02 14:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 02:27 . 2009-06-02 14:56 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 08:38 . 2009-04-06 12:53 -------- d-----w- c:\programdata\Sonic
2009-06-13 01:23 . 2009-01-31 06:29 -------- d-----w- c:\program files\CyberLink
2009-06-13 01:21 . 2009-04-06 12:50 -------- d-----w- c:\programdata\SmartSound Software Inc
2009-06-10 00:33 . 2009-06-10 00:33 -------- d-----w- c:\users\Kirk and joel\AppData\Roaming\ATI
2009-06-08 00:15 . 2009-06-08 00:15 -------- d-----w- c:\users\Mina\AppData\Roaming\ATI
2009-06-07 12:05 . 2009-06-07 12:05 2825407 ----a-w- c:\windows\system32\xa488515.exe
2009-06-07 12:05 . 2009-06-07 12:05 2825407 ----a-w- c:\windows\system32\xa488171.exe
2009-06-07 11:59 . 2009-06-07 11:59 -------- d-----w- c:\users\Pete\AppData\Roaming\ATI
2009-06-07 11:59 . 2009-06-07 11:59 -------- d-----w- c:\programdata\ATI
2009-06-07 11:08 . 2009-06-07 11:05 -------- d-----w- c:\program files\ATI Technologies
2009-06-07 11:07 . 2009-06-07 11:07 9158 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2009-06-07 11:07 . 2009-06-07 11:07 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-06-07 11:07 . 2009-06-07 11:07 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-07 11:05 . 2009-06-07 11:05 -------- d-----w- c:\program files\ATI
2009-06-07 01:29 . 2009-06-07 01:29 -------- d-----w- c:\program files\Focus Multimedia
2009-06-07 01:29 . 2009-06-06 13:03 -------- d-----w- c:\users\Pete\AppData\Roaming\Hemera
2009-06-06 13:04 . 2009-06-06 13:04 -------- d-----w- c:\programdata\Hemera
2009-06-06 13:02 . 2009-06-06 13:02 -------- d-----w- c:\programdata\GraphicsDesk
2009-06-04 08:01 . 2008-11-24 07:21 113584 ----a-w- c:\users\Kirk and joel\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-03 22:55 . 2008-11-24 07:14 113584 ----a-w- c:\users\Mina\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-03 14:19 . 2009-06-03 14:19 -------- d-----w- c:\programdata\onOne Software
2009-06-03 14:19 . 2009-06-03 14:19 -------- d-----w- c:\program files\onOne Software
2009-06-03 13:52 . 2008-11-23 02:46 113584 ----a-w- c:\users\Pete\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-03 13:52 . 2009-06-03 13:52 -------- d-----w- c:\programdata\FLEXnet
2009-06-03 13:49 . 2008-11-23 07:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 13:48 . 2009-06-03 13:48 -------- d-----w- c:\program files\Adobe Media Player
2009-06-03 13:47 . 2009-06-03 13:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-03 13:43 . 2009-06-03 13:43 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-02 14:56 . 2009-06-02 14:56 -------- d-----w- c:\users\Pete\AppData\Roaming\Malwarebytes
2009-06-02 14:56 . 2009-06-02 14:56 -------- d-----w- c:\programdata\Malwarebytes
2009-06-02 12:26 . 2009-06-02 12:26 -------- d-----w- c:\users\Pete\AppData\Roaming\onOne Software
2009-06-02 12:00 . 2009-06-02 12:00 248401479 ----a-w- c:\windows\system32\xa103059437.exe
2009-06-02 12:00 . 2009-06-02 12:00 248401479 ----a-w- c:\windows\system32\xa103051062.exe
2009-06-01 12:25 . 2009-06-01 12:24 -------- d-----w- c:\program files\Quest3D Viewers 3.0e
2009-06-01 12:24 . 2009-06-01 12:24 2825407 ----a-w- c:\windows\system32\xa18066078.exe
2009-06-01 12:24 . 2009-06-01 12:24 2825407 ----a-w- c:\windows\system32\xa18065640.exe
2009-05-28 11:14 . 2009-02-20 03:37 -------- d-----w- c:\program files\Sony
2009-05-28 11:13 . 2009-02-20 03:38 -------- d-----w- c:\programdata\Sony Corporation
2009-05-24 11:53 . 2009-05-24 11:53 -------- d-----w- c:\program files\Common Files\CASIO
2009-05-24 11:52 . 2009-05-24 11:52 -------- d-----w- c:\users\Pete\AppData\Roaming\InstallShield
2009-05-24 06:25 . 2009-02-20 03:36 -------- d-----w- c:\users\Pete\AppData\Roaming\Sony Corporation
2009-05-24 06:25 . 2009-04-06 12:51 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-24 06:24 . 2009-02-20 03:36 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-05-24 06:16 . 2009-05-24 06:16 -------- d-----w- c:\programdata\WinZip
2009-05-24 05:55 . 2009-05-24 05:55 29926 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_18be6784.exe
2009-05-24 05:55 . 2009-05-24 05:55 29422 ----a-r- c:\users\Pete\AppData\Roaming\Microsoft\Installer\{394BE3D9-7F57-4638-A8D1-1D88671913B7}\_294823.exe
2009-05-23 05:51 . 2009-05-23 03:10 -------- d-----w- c:\program files\QCP Converter
2009-05-23 03:35 . 2009-05-23 03:35 200 ----a-w- c:\windows\QCPC80UI.dat
2009-05-22 14:45 . 2009-05-22 14:45 -------- d-----w- c:\programdata\NCH Software
2009-05-22 14:45 . 2009-03-23 06:40 -------- d-----w- c:\program files\NCH Software
2009-05-21 11:49 . 2009-03-22 12:40 -------- d-----w- c:\program files\Foxit Software
2009-05-16 14:04 . 2008-12-26 08:23 65144 ----a-w- c:\windows\system32\drivers\catflt.sys
2009-05-14 09:24 . 2009-02-17 10:54 -------- d-----w- c:\users\Kirk and joel\AppData\Roaming\Skype
2009-05-13 15:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 14:53 . 2009-05-13 14:53 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2009-05-13 14:41 . 2009-05-13 14:33 -------- d--h--w- c:\program files\Temp
2009-05-13 14:40 . 2008-11-23 07:25 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-05-13 14:40 . 2009-05-13 14:40 -------- d-----w- c:\program files\Realtek
2009-05-13 14:29 . 2008-11-23 06:13 -------- d-----w- c:\program files\Intel
2009-05-07 11:04 . 2009-05-07 11:04 30240 ----a-w- c:\windows\system32\VRVD302.dll
2009-05-07 11:04 . 2009-05-07 11:04 11296 ----a-w- c:\windows\system32\drivers\VRVD302.sys
2009-05-04 06:07 . 2009-05-06 01:09 2298680 ----a-w- c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\7gkm3v1d.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-04-24 16:05 . 2009-06-11 00:18 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 00:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 00:18 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 16:43 . 2009-06-08 12:15 95544 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-04-23 12:43 . 2009-06-11 00:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 00:18 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-11 00:18 2033152 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-08_14.18.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-08 23:50 86988 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-08 23:50 89248 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-23 02:48 . 2009-07-08 23:50 12708 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1013437786-1395498018-647586148-1000_UserData.bin
- 2008-11-23 02:45 . 2009-07-08 08:30 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-23 02:45 . 2009-07-10 13:05 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-23 02:45 . 2009-07-10 13:05 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-23 02:45 . 2009-07-08 08:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-23 02:45 . 2009-07-10 13:05 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-23 02:45 . 2009-07-08 08:30 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-10 14:34 . 2009-07-10 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-08 14:06 . 2009-07-08 14:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-10 14:34 . 2009-07-10 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-08 14:06 . 2009-07-08 14:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-07-10 14:38 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-08 14:12 599942 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-10 14:38 105448 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-08 14:12 105448 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-19 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"X2net Smart Address Monitor"="c:\program files\X2Net\Smart Address\smartadr.exe" [2006-09-10 5533696]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"Update Scheduler"="c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE" [2008-12-26 95608]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-19 2656528]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-13 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2009-04-20 84464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 148888]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-03 6724128]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-03 1833504]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Email Protection"="c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE" [2008-12-26 267640]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-2 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 03:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7752AF7B-30D1-47D9-81E3-0A26BDCBF68A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{210DE7A2-BA94-4C1E-A751-F0C18389FA59}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1268BBA0-D4A6-4409-9328-3F6A03A65DCB}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{3C181503-DEE3-4B2B-AB73-0502BA55498A}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{8D00C49A-D8A8-4B4D-8B58-815551BC30B9}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{713524FB-A17A-4268-BE02-C3DCF22A3C13}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9DC94425-F210-4E6B-BE64-D3E20A6AB7BB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2B4FAA6C-3077-4BD7-BA0A-F848D70AAF96}c:\\program files\\videospeedy\\vspeedclient.exe"= UDP:c:\program files\videospeedy\vspeedclient.exe:VSpeedClient
"UDP Query User{BBDC43F6-66DC-4781-8A4E-91787BEADB20}c:\\program files\\videospeedy\\vspeedclient.exe"= TCP:c:\program files\videospeedy\vspeedclient.exe:VSpeedClient
"TCP Query User{01B01298-D832-4F0E-8B70-71907E926FA2}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{37F53D91-71FC-4DFD-968F-343A0B2AF2AD}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{39669D4A-3D32-488D-8C8A-D052FD13247D}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{23797C55-FC52-4D85-ADEF-F1C7FEBB81FA}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{EFFCBF84-FC31-42E3-A529-865786997B5F}c:\\windows\\system32\\electricsheep.scr"= UDP:c:\windows\system32\electricsheep.scr:ElectricSheep
"UDP Query User{1B098215-3038-4D4E-A624-68CFCCC4CC98}c:\\windows\\system32\\electricsheep.scr"= TCP:c:\windows\system32\electricsheep.scr:ElectricSheep
"TCP Query User{A768315E-465E-4246-B220-E90569C04CF0}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{E34B0491-6F83-4979-9584-74FFEB9C0357}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{3D4E3BA9-A048-4D05-A252-3E4A74A07DF5}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{B8331415-1B4C-4131-BF07-C6F2E3B8A4D6}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{CE262FBD-E9A0-4655-B896-384615A26CBA}"= UDP:5353:Adobe CSI CS4
"{66E75643-5064-4E3A-BB1C-DC667B3C10A1}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{2AEB4671-208E-4ADB-8FAC-22235D13BEB2}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\System32\drivers\CLBStor.sys [31/01/2009 15:35 10368]
R0 mv61xx;mv61xx;c:\windows\System32\drivers\mv61xx.sys [18/10/2007 21:22 143360]
R1 c2scsi;c2scsi;c:\windows\System32\drivers\C2SCSI.SYS [11/08/2008 11:03 254320]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 72944]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\System32\drivers\StarPortLite.sys [18/01/2009 17:11 93544]
R2 catflt;catflt;c:\windows\System32\drivers\catflt.sys [26/12/2008 17:23 65144]
R2 EMLSS;EMLSS;c:\windows\System32\drivers\EMLTDI.SYS [26/12/2008 17:23 28656]
R2 Quick Heal Antivirus Plus Mail Protection;Quick Heal Antivirus Plus Mail Protection;c:\program files\Quick Heal\Quick Heal AntiVirus Plus\EMLPROXY.EXE [26/12/2008 17:23 50552]
R2 Quick Update Service;Quick Update Service;c:\progra~1\QUICKH~1\QUICKH~1\quhlpsvc.exe [26/12/2008 17:23 58744]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/05/2009 21:20 1153368]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\System32\Wacom_Tablet.exe [13/06/2009 14:43 1373480]
R2 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [12/01/2009 11:04 52888]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [08/06/2009 21:15 95544]
R3 VRVD302;VRVD302;c:\windows\System32\drivers\VRVD302.sys [07/05/2009 20:04 11296]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [14/08/2008 00:25 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [14/08/2008 00:24 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [14/08/2008 00:24 170480]
S3 ck09bus;au CA001;c:\windows\System32\drivers\ck09bus.sys [24/05/2009 20:53 83328]
S3 ck09diag;_au CA001 Serial Port (WDM);c:\windows\System32\drivers\ck09diag.sys [24/05/2009 20:53 98176]
S3 ck09mdfl;au CA001 Modem Filter;c:\windows\System32\drivers\ck09mdfl.sys [24/05/2009 20:53 14848]
S3 ck09mdm;au CA001 Modem Drivers;c:\windows\System32\drivers\ck09mdm.sys [24/05/2009 20:53 109696]
S3 DrmCAudio;DrmCAudio;c:\windows\System32\drivers\DrmCAudio.sys [23/03/2009 15:13 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\System32\drivers\DrmCVideo.sys [23/03/2009 15:13 3768]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [21/03/2009 21:17 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\System32\drivers\idcphid.sys [11/12/2008 10:28 16256]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [14/08/2008 00:25 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [08/01/2009 15:52 1122304]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 7408]
S4 Online Protection System;Online Protection System;c:\progra~1\QUICKH~1\QUICKH~1\opssvc.exe [26/12/2008 17:23 17272]
.
Contents of the 'Scheduled Tasks' folder
2009-07-05 c:\windows\Tasks\mondaymidnight.job
- c:\progra~1\QUICKH~1\QUICKH~1\scanner.exe [2008-12-26 14:04]
2009-07-10 c:\windows\Tasks\Resume Quickup Download.job
- c:\progra~1\QUICKH~1\QUICKH~1\ACAPPAA.EXE [2008-12-26 08:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.freemov2avi.com/search/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\7gkm3v1d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\7gkm3v1d.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}\plugins\npagent.dll
FF - plugin: c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\7gkm3v1d.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 23:49
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1013437786-1395498018-647586148-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8A0EBB9D-E0A6-66C0-3438-C07F85A35B01}*]
"jainbcacbmpffgphongi"=hex:6f,61,68,64,64,67,68,68,65,66,67,63,69,68,69,6f,66,
70,66,70,6d,70,67,6f,6b,61,6e,6a,68,6b,00,b5
"hahnmcaamlkokhmo"=hex:6c,61,63,70,6c,6d,61,6a,68,67,65,62,66,69,6e,6d,6f,6a,
63,69,64,6f,63,6a,00,9b
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(7588)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\ASTSRV.EXE
c:\windows\System32\Crypserv.exe
c:\program files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\WTablet\Wacom_TabletUser.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-07-10 23:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 14:50
Pre-Run: 199,507,509,248 bytes free
Post-Run: 220,905,213,952 bytes free
489 --- E O F --- 2009-07-02 22:54
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz )
BIOS : Default System BIOS
USER : Pete ( Not Administrator ! )
BOOT : Normal boot
B:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:195 Go)
D:\ (Local Disk) - NTFS - Total:298 Go (Free:44 Go)
E:\ (Local Disk) - NTFS - Total:57 Go (Free:57 Go)
F:\ (Local Disk) - NTFS - Total:74 Go (Free:53 Go)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (USB)
J:\ (CD or DVD)
K:\ (USB)
L:\ (USB)
M:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 11/07/2009| 0:10 )
[ UAC => 1 ]
--------------------\\ Listing folders in Local
[03/06/2009|23:07] C:\Users\Pete\AppData\Local\Adobe
[21/12/2008|21:49] C:\Users\Pete\AppData\Local\Apple
[28/12/2008|14:19] C:\Users\Pete\AppData\Local\Apple Computer
[23/11/2008|11:46] C:\Users\Pete\AppData\Local\Application Data
[04/01/2009|18:29] C:\Users\Pete\AppData\Local\Apps
[29/11/2008|18:39] C:\Users\Pete\AppData\Local\ashampoo
[07/06/2009|20:59] C:\Users\Pete\AppData\Local\ATI
[09/07/2009|08:48] C:\Users\Pete\AppData\Local\d3d9caps.dat
[09/07/2009|21:17] C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06/04/2009|21:56] C:\Users\Pete\AppData\Local\desktop.ini
[12/12/2008|20:40] C:\Users\Pete\AppData\Local\Downloaded Installations
[12/12/2008|20:42] C:\Users\Pete\AppData\Local\eSupport.com
[03/06/2009|22:52] C:\Users\Pete\AppData\Local\GDIPFONTCACHEV1.DAT
[09/07/2009|09:02] C:\Users\Pete\AppData\Local\Google
[23/11/2008|11:46] C:\Users\Pete\AppData\Local\History
[11/07/2009|00:05] C:\Users\Pete\AppData\Local\IconCache.db
[10/12/2008|21:05] C:\Users\Pete\AppData\Local\Labels.ini
[06/04/2009|16:26] C:\Users\Pete\AppData\Local\Microsoft
[25/01/2009|13:13] C:\Users\Pete\AppData\Local\Microsoft Games
[23/11/2008|15:00] C:\Users\Pete\AppData\Local\MigWiz
[13/12/2008|17:47] C:\Users\Pete\AppData\Local\Mozilla
[16/02/2009|20:55] C:\Users\Pete\AppData\Local\Real
[06/04/2009|22:16] C:\Users\Pete\AppData\Local\RoxioCentralFx
[12/04/2009|15:30] C:\Users\Pete\AppData\Local\rx_image32.Cache
[05/02/2008|13:28] C:\Users\Pete\AppData\Local\setup.txt
[04/01/2009|02:19] C:\Users\Pete\AppData\Local\Stardock
[11/07/2009|00:08] C:\Users\Pete\AppData\Local\temp
[23/11/2008|11:46] C:\Users\Pete\AppData\Local\Temporary Internet Files
[21/03/2009|14:00] C:\Users\Pete\AppData\Local\TVU Networks
[24/11/2008|21:14] C:\Users\Pete\AppData\Local\VirtualStore
[02/07/2009|22:43] C:\Users\Pete\AppData\Local\WinZip
[11/02/2009|01:00] C:\Users\Pete\AppData\Local\Yahoo
--------------------\\ Scheduled Tasks located in C:\Windows\Tasks
[06/07/2009 00:20][--a------] C:\Windows\tasks\mondaymidnight.job
[11/07/2009 00:05][--a------] C:\Windows\tasks\Resume Quickup Download.job
[11/07/2009 00:07][--ah-----] C:\Windows\tasks\SA.DAT
[11/07/2009 00:05][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing Folders in C:\ProgramData
[03/06/2009|22:50] C:\ProgramData\Adobe
[08/01/2009|10:10] C:\ProgramData\AppData
[21/12/2008|21:49] C:\ProgramData\Apple
[16/06/2009|21:30] C:\ProgramData\Apple Computer
[02/11/2006|22:02] C:\ProgramData\Application Data
[29/11/2008|18:39] C:\ProgramData\ashampoo
[07/06/2009|20:59] C:\ProgramData\ATI
[23/11/2008|16:46] C:\ProgramData\CanonBJ
[31/01/2009|17:08] C:\ProgramData\CyberLink
[02/11/2006|22:02] C:\ProgramData\Desktop
[02/11/2006|22:02] C:\ProgramData\Documents
[02/11/2006|22:02] C:\ProgramData\Favorites
[03/06/2009|22:52] C:\ProgramData\FLEXnet
[19/01/2009|16:35] C:\ProgramData\Google
[06/06/2009|22:02] C:\ProgramData\GraphicsDesk
[06/06/2009|22:04] C:\ProgramData\Hemera
[06/04/2009|21:56] C:\ProgramData\InstallShield
[12/01/2009|14:47] C:\ProgramData\Logishrd
[28/11/2008|21:01] C:\ProgramData\Logitech
[02/06/2009|23:56] C:\ProgramData\Malwarebytes
[21/03/2009|20:56] C:\ProgramData\Microsoft
[22/05/2009|23:45] C:\ProgramData\NCH Software
[23/03/2009|15:47] C:\ProgramData\NCH Swift Sound
[23/11/2008|16:04] C:\ProgramData\NOS
[02/12/2008|13:01] C:\ProgramData\ntuser.pol
[03/06/2009|23:19] C:\ProgramData\onOne Software
[16/02/2009|20:55] C:\ProgramData\Real
[20/06/2009|20:26] C:\ProgramData\Roxio
[05/03/2009|21:37] C:\ProgramData\Skype
[13/06/2009|10:21] C:\ProgramData\SmartSound Software Inc
[15/06/2009|17:38] C:\ProgramData\Sonic
[20/02/2009|22:25] C:\ProgramData\SonicStage
[28/05/2009|20:13] C:\ProgramData\Sony Corporation
[10/02/2009|22:16] C:\ProgramData\Speedbit
[01/07/2009|20:43] C:\ProgramData\Spybot - Search & Destroy
[04/01/2009|02:19] C:\ProgramData\Stardock
[02/11/2006|22:02] C:\ProgramData\Start Menu
[01/07/2009|22:49] C:\ProgramData\SUPERAntiSpyware.com
[01/07/2009|19:17] C:\ProgramData\Symantec
[02/11/2006|22:02] C:\ProgramData\Templates
[21/03/2009|14:00] C:\ProgramData\TVU Networks
[06/04/2009|22:01] C:\ProgramData\Uninstall
[09/01/2009|18:09] C:\ProgramData\WindowsSearch
[24/05/2009|15:16] C:\ProgramData\WinZip
[24/11/2008|16:30] C:\ProgramData\WLInstaller
[11/02/2009|00:53] C:\ProgramData\Yahoo!
--------------------\\ Listing Folders in C:\Program Files
[03/06/2009|22:50] C:\Program Files\Adobe
[03/06/2009|22:48] C:\Program Files\Adobe Media Player
[10/12/2008|22:11] C:\Program Files\AMP Font Viewer
[21/12/2008|21:49] C:\Program Files\Apple Software Update
[21/02/2009|21:21] C:\Program Files\Ashampoo
[07/06/2009|20:05] C:\Program Files\ATI
[07/06/2009|20:08] C:\Program Files\ATI Technologies
[20/01/2009|19:55] C:\Program Files\Avi2Dvd
[20/01/2009|19:43] C:\Program Files\AviSynth 2.5
[09/01/2009|20:49] C:\Program Files\Canon
[14/12/2008|21:42] C:\Program Files\CanonBJ
[07/05/2009|21:09] C:\Program Files\CCleaner
[18/01/2009|12:09] C:\Program Files\CD-LabelPrint
[10/07/2009|23:30] C:\Program Files\Common Files
[13/06/2009|10:23] C:\Program Files\CyberLink
[06/04/2009|10:25] C:\Program Files\DAMN NFO Viewer
[31/01/2009|15:25] C:\Program Files\DIKO
[04/01/2009|17:05] C:\Program Files\DuplicateFileSearch2.1
[01/07/2009|23:20] C:\Program Files\Enigma Software Group
[07/07/2009|11:03] C:\Program Files\ERUNT
[07/06/2009|10:29] C:\Program Files\Focus Multimedia
[21/05/2009|20:49] C:\Program Files\Foxit Software
[19/01/2009|17:58] C:\Program Files\Google
[13/06/2009|20:54] C:\Program Files\ImgBurn
[02/07/2009|12:55] C:\Program Files\InstallShield Installation Information
[13/05/2009|23:29] C:\Program Files\Intel
[12/06/2009|03:04] C:\Program Files\Internet Explorer
[11/12/2008|23:04] C:\Program Files\IrfanView
[06/01/2009|10:03] C:\Program Files\IZArc
[20/04/2009|19:18] C:\Program Files\Java
[16/02/2009|21:00] C:\Program Files\K-Lite Codec Pack
[23/01/2009|10:06] C:\Program Files\K-Lite Video Conversion Pack
[12/01/2009|14:47] C:\Program Files\Logitech
[01/07/2009|19:19] C:\Program Files\Malwarebytes' Anti-Malware
[21/03/2009|21:15] C:\Program Files\Microsoft
[25/11/2008|23:09] C:\Program Files\Microsoft ActiveSync
[29/11/2008|16:57] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|21:37] C:\Program Files\Microsoft Games
[13/05/2009|23:53] C:\Program Files\Microsoft IntelliType Pro
[25/11/2008|23:09] C:\Program Files\Microsoft Office
[25/11/2008|23:09] C:\Program Files\Microsoft.NET
[21/01/2008|11:35] C:\Program Files\Movie Maker
[02/07/2009|07:13] C:\Program Files\Mozilla Firefox
[02/11/2006|21:37] C:\Program Files\MSBuild
[08/04/2009|01:04] C:\Program Files\MSXML 4.0
[22/05/2009|23:45] C:\Program Files\NCH Software
[23/03/2009|15:46] C:\Program Files\NCH Swift Sound
[01/07/2009|19:17] C:\Program Files\Norton Security Scan
[23/11/2008|16:04] C:\Program Files\NOS
[01/12/2008|19:18] C:\Program Files\Ntfs Data Recovery
[03/06/2009|23:19] C:\Program Files\onOne Software
[02/12/2008|11:18] C:\Program Files\Ontrack
[23/05/2009|14:51] C:\Program Files\QCP Converter
[01/06/2009|21:25] C:\Program Files\Quest3D Viewers 3.0e
[26/12/2008|17:22] C:\Program Files\Quick Heal
[24/03/2009|10:10] C:\Program Files\QuickMediaConverter
[16/06/2009|21:30] C:\Program Files\QuickTime
[17/03/2009|11:57] C:\Program Files\RADVideo
[13/05/2009|23:40] C:\Program Files\Realtek
[02/11/2006|21:37] C:\Program Files\Reference Assemblies
[06/04/2009|22:22] C:\Program Files\Roxio
[06/04/2009|21:57] C:\Program Files\Roxio Creator 2009
[05/03/2009|21:37] C:\Program Files\Skype
[28/05/2009|20:14] C:\Program Files\Sony
[22/03/2009|01:35] C:\Program Files\SopCast
[07/05/2009|21:22] C:\Program Files\Spybot - Search & Destroy
[02/12/2008|11:19] C:\Program Files\Stellar Phoenix Windows Data Recovery
[02/07/2009|07:12] C:\Program Files\SUPERAntiSpyware
[13/06/2009|14:44] C:\Program Files\Tablet
[13/05/2009|23:41] C:\Program Files\Temp
[03/07/2009|21:16] C:\Program Files\totalcmd
[05/07/2009|13:03] C:\Program Files\Trend Micro
[21/03/2009|21:16] C:\Program Files\TVAnts
[21/03/2009|14:00] C:\Program Files\TVUPlayer
[02/11/2006|22:01] C:\Program Files\Uninstall Information
[03/12/2008|19:22] C:\Program Files\uTorrent
[12/01/2009|11:04] C:\Program Files\VIA
[02/12/2008|11:35] C:\Program Files\VideoLAN
[04/01/2009|19:50] C:\Program Files\Vodei
[21/01/2008|11:35] C:\Program Files\Windows Calendar
[21/01/2008|11:35] C:\Program Files\Windows Collaboration
[21/01/2008|11:35] C:\Program Files\Windows Defender
[21/03/2009|21:16] C:\Program Files\Windows Live
[21/03/2009|21:15] C:\Program Files\Windows Live SkyDrive
[14/05/2009|00:05] C:\Program Files\Windows Mail
[12/03/2009|09:39] C:\Program Files\Windows Media Player
[02/11/2006|21:37] C:\Program Files\Windows NT
[21/01/2008|11:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|11:35] C:\Program Files\Windows Sidebar
[24/05/2009|15:16] C:\Program Files\WinZip
[02/12/2008|12:07] C:\Program Files\X2Net
[11/02/2009|00:53] C:\Program Files\Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[03/06/2009|22:49] C:\Program Files\Common Files\Adobe
[03/06/2009|22:47] C:\Program Files\Common Files\Adobe AIR
[07/06/2009|20:07] C:\Program Files\Common Files\ATI Technologies
[24/05/2009|20:53] C:\Program Files\Common Files\CASIO
[25/11/2008|23:09] C:\Program Files\Common Files\DESIGNER
[06/04/2009|21:54] C:\Program Files\Common Files\InstallShield
[12/01/2009|14:48] C:\Program Files\Common Files\logishrd
[03/06/2009|22:43] C:\Program Files\Common Files\Macrovision Shared
[06/03/2009|10:27] C:\Program Files\Common Files\microsoft shared
[24/05/2009|15:25] C:\Program Files\Common Files\PX Storage Engine
[06/04/2009|21:55] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|20:18] C:\Program Files\Common Files\Services
[05/03/2009|21:37] C:\Program Files\Common Files\Skype
[06/04/2009|21:57] C:\Program Files\Common Files\Sonic Shared
[24/05/2009|15:24] C:\Program Files\Common Files\Sony Shared
[02/11/2006|20:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|11:35] C:\Program Files\Common Files\System
[21/03/2009|20:56] C:\Program Files\Common Files\Windows Live
[24/11/2008|16:33] C:\Program Files\Common Files\WindowsLiveInstaller
[01/07/2009|22:48] C:\Program Files\Common Files\Wise Installation Wizard
--------------------\\ Process
( 73 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
No Lop folder found !
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 00:10:58
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
--------------------\\ Cracks & Keygens ..
C:\Users\Pete\Documents\Installs\Genuine.Fractals.v6.0.Professional.Edition\Keygen.exe
C:\Users\Pete\Downloads\Torrent Downloads\Software\Roxio Creator 2009 Keygen.exe
C:\Users\Pete\Favorites\Permanently Activate Windows Vista by Skip Activation with Patched TimerStop.sys Crack - KezNews.com.url
[F:40][D:6]-> C:\Users\Pete\AppData\Local\Temp
[F:492][D:1]-> C:\Users\Pete\AppData\Roaming\MICROS~1\Windows\Cookies
[F:3200][D:4]-> C:\Users\Pete\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 11/07/2009| 0:12 - Option : [1]
--------------------\\ Scan completed at 0:12:10
[ UAC => 1 ]
Yes, I see the "Cracks and Keygens" entries too - I think I know what you are going to say...:nono:
"How are things running now?" - hard to say, as I haven't really noticed any drop in performance since Spybot found those two registry keys. There are other assorted little problems that I haven't had a chance to test yet (penflicks is sometimes there, sometimes not - may be a problem with a fairly old pentablet; CD/DVD burning software very erratic - to the point that I have a mountain of computer-crashing coasters that you wouldn't believe) despite updating firmware etc.
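The following is an added example and is not code from this thread, from Lop SD, Spybot or Combofix. It is a read-only PowerShell triage that covers the same artefact classes the Lop SD log above reports (service registry keys, scheduled task files, the hosts file, and keygen/crack file names), and it adds the one check the log does not make explicit: service keys that even an elevated account cannot open, which is the "permission" and "error deleting key" symptom described in this thread. Function names, directories and the name patterns searched for are assumptions chosen for illustration; nothing it does modifies the system.

```powershell
# Added example, not code from the original thread, Lop SD, Spybot or Combofix.
# Read-only triage of the artefact classes the Lop SD log reports: service
# registry keys, scheduled task files, the hosts file and keygen/crack names.
# Run from an elevated PowerShell (3.0+) prompt; nothing below modifies anything.
# Function names, directories and name patterns are assumptions for illustration.

$principal = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Not elevated: service-key results will be unreliable.'
}

# Normalise the forms an ImagePath value takes: \??\C:\..., \SystemRoot\...,
# %SystemRoot%\..., a quoted path followed by arguments, or a path relative to
# the Windows directory (system32\drivers\x.sys). Returns a plain file path.
function Resolve-ImagePath([string] $Image) {
    $p = $Image.Trim()
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^(\\SystemRoot|%SystemRoot%)\\', "$env:SystemRoot\"
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                      # unquoted path, possibly with arguments after it
    } else {
        $p = ($p -split '\s+')[0]
    }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# A service key that an elevated account cannot open is a lead: a restrictive
# ACL on its own key is how some rootkits resist deletion from regedit.
# A service whose ImagePath no longer exists on disk is the other cheap check.
function Get-SuspiciousServiceKeys {
    $services = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey('SYSTEM\CurrentControlSet\Services')
    foreach ($name in $services.GetSubKeyNames()) {
        try {
            $key = $services.OpenSubKey($name)   # throws when the ACL denies read access
        } catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
            [pscustomobject]@{ Check = 'service'; Item = $name; Detail = 'key not readable (access denied)' }
            continue
        }
        if ($null -eq $key) { continue }
        $image = [string] $key.GetValue('ImagePath')   # REG_EXPAND_SZ is expanded for us
        $key.Close()
        if ($image -eq '') { continue }
        $exe = Resolve-ImagePath $image
        if (-not (Test-Path -LiteralPath $exe)) {
            [pscustomobject]@{ Check = 'service'; Item = $name; Detail = "ImagePath missing on disk: $exe" }
        }
    }
    $services.Close()
}

# Legacy .job files (what the log lists) plus the Vista+ XML task store.
# SA.DAT and SCHEDLGU.TXT are the scheduler's own files, not tasks.
function Get-TaskFiles {
    foreach ($dir in @("$env:SystemRoot\Tasks", "$env:SystemRoot\System32\Tasks")) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and (@('SA.DAT', 'SCHEDLGU.TXT') -notcontains $_.Name) } |
            ForEach-Object {
                [pscustomobject]@{ Check = 'task'; Item = $_.FullName
                                   Detail = "modified $($_.LastWriteTime.ToString('s')) attr=$($_.Attributes)" }
            }
    }
}

# Anything in the hosts file beyond the stock localhost lines deserves a look.
function Get-HostsEntries {
    Get-Content -LiteralPath "$env:SystemRoot\System32\drivers\etc\hosts" -ErrorAction SilentlyContinue |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -ne '' -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' } |
        ForEach-Object { [pscustomobject]@{ Check = 'hosts'; Item = $_; Detail = 'non-default entry' } }
}

# Same idea as the log's "Cracks & Keygens" section: a name-based sweep of the
# profile. Name matching is a heuristic, so treat hits as leads, not verdicts.
function Get-CrackArtifacts([string] $Root = $env:USERPROFILE) {
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Name -match 'keygen|crack|warez' } |
        ForEach-Object { [pscustomobject]@{ Check = 'crack'; Item = $_.FullName; Detail = "$($_.Length) bytes" } }
}

$findings = @(Get-SuspiciousServiceKeys) + @(Get-TaskFiles) + @(Get-HostsEntries) + @(Get-CrackArtifacts)
$findings | Sort-Object Check, Item | Format-Table -AutoSize -Wrap
```

The script only reads CurrentControlSet; to compare the numbered control sets the way Spybot reported them, replace 'SYSTEM\CurrentControlSet\Services' with 'SYSTEM\ControlSet001\Services' and 'SYSTEM\ControlSet002\Services' in turn. A hit under 'service' with "access denied" while running elevated is the result worth acting on; a missing ImagePath is often just a sloppy uninstaller, so check the binary name before drawing conclusions.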
I think I know what you are going to say
I bet you don't.
Forum Rules (http://forums.spybot.info/showpost.php?p=25290&postcount=4)
Note:
We do not support the use of illegal Pirated/Warez/Cracked software.
Helping a person who insists on using such software, could be construed in the eyes of the law to be aiding and abetting a crime. Therefore you will be asked to remove any cracked programs.
In the case of your operating system please obtain a valid licensed copy.
My Rules
Cracks, Keygens and Warez
In doing the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product.
The distribution and use of cracked copies is illegal in almost every developed country.
They are also one of the biggest causes of infection.
This applies to Cracks, Keygens and Warez
In the future I strongly suggest you stay away from using cracks and/or Keygens.
I don't provide help for those using any form of cracked software or Operating Systems.
----------------------------------------------------------------------------------------
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined.
Click START, type RUN into the search box, then click Enter
Now type Combofix /u in the run box and click OK. Note the space between the X and the /U; it needs to be there.
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
OK, done that.
"In the future I strongly suggest you stay away from using cracks and/or Keygens"
Understood.