View Full Version : Google redirect problems
ctircuit
2009-10-04, 09:00
About four or five days ago, I started noticing that links I'd click on Google would occasionally redirect me to obvious spam sites. This happened in Firefox and IE. I tried running MBAM and Spybot, but they did not find anything that fixed the problem, and it still exists right now. Here is my HijackThis log.
I greatly appreciate any help that can be provided.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:30 AM, on 10/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
G:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
G:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Process Lasso\processgovernor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
G:\Program Files\OpenOffice.org 2.4\program\soffice.exe
g:\Program Files\Logitech\Video\FxSvr2.exe
G:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\regedit.exe
G:\Download\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] g:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] g:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "G:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "G:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: OpenOffice.org 2.4.lnk = G:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: The Gaming Club Poker - {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - C:\Program Files\gamingclubMPP\MPPoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - g:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualapple.com/activegs.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} (Mines Control) - http://www.worldwinner.com/games/v41/mines/mines.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0F42F280-2D6E-4B19-95A9-18D8DADB9309} (BFLauncher Class) - http://www.betfred.com/company/gamessections/common/betfredlauncher.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} (Brickout Control) - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwga.ops.placeware.com/etc/place/GOLF/SCGpws-a1/5.1.2.150/lib/quicksilver.cab
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v63/bjattack/bja.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://219.117.194.183:1024/home/SonySncRz30View.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB40} (Sony SNC-Z20 Image Viewer) - http://219.106.246.80/home/SonySncZ20View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094097099602
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125356207484
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://www.worldwinner.com/games/v44/wordcube/wordcube.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://axis1.cyberbob.ch:91/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://eq2beta.station.sony.com/friends_and_family_reg/soesysinfo.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.srtest.com/sysreqlab.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v42/paint/paint.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O16 - DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} (SoloTriv Control) - http://www.worldwinner.com/games/v43/solotriv/solotriv.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} (GolfSol Control) - http://www.worldwinner.com/games/v44/golfsol/golfsol.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://66.98.130.69/DGTx.CAB
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - G:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TVersityMediaServer - Unknown owner - g:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 20358 bytes
Hello and welcome to Safer Networking.
My name is km2357 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.
Please do not start another thread or topic, I will assist you at this thread until we solve your problems.
Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.
I will be back as soon as possible with your first instructions!
Looking over your log, it seems you don't have any evidence of an anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one these vendors NOW:
1)Antivir PersonalEdition Classic (http://www.free-av.com/)
2)avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html)
Download and install only one!
Step # 1: Disable Windows Defender
Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.
- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Step # 2: Remove Hijackthis Entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.
Step # 3 Download and run DDS
Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Step # 4: Download and Run Gmer
Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
Please post the results from the GMER scan in your reply.
In your next post/reply, I need to see the following:
1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log
ctircuit
2009-10-07, 04:23
And here we go. Thanks in advance for your help!
DDS (Ver_09-09-29.01) - NTFSx86
Run by Cyril Tircuit at 21:58:32.04 on Tue 10/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1837 [GMT -4:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
G:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\runservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
G:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Process Lasso\processgovernor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
G:\Program Files\OpenOffice.org 2.4\program\soffice.exe
g:\Program Files\Logitech\Video\FxSvr2.exe
G:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Cyril Tircuit\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer provided by Comcast
mWindow Title = Microsoft Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: &WikiSearch: {44e7ef6c-6f5c-4aaf-a080-7725a27878ed} -
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe
mRun: [Windows Media Connect 2] "c:\program files\windows media connect 2\WMCCFG.exe" /StartQuiet
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] g:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] g:\program files\logitech\video\LogiTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Adobe Photo Downloader] "g:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "g:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\cyrilt~1\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\docume~1\cyrilt~1\startm~1\programs\startup\openof~1.lnk - g:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: <NO NAME> =
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepoker\EmpirePoker.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubmpp\MPPoker.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - g:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} c:\program files\partygaming\partypoker\runapp.exe - c:\program files\partygaming\partypoker\runapp.exe\inprocserver32 does not exist!
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: ActiveGS.cab - hxxp://www.virtualapple.com/activegs.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} - hxxp://www.worldwinner.com/games/v41/mines/mines.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} - hxxp://www.albatross18.com/cabs/A18X.ocx
DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - hxxp://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {0F42F280-2D6E-4B19-95A9-18D8DADB9309} - hxxp://www.betfred.com/company/gamessections/common/betfredlauncher.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwga.ops.placeware.com/etc/place/GOLF/SCGpws-a1/5.1.2.150/lib/quicksilver.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} - hxxp://219.117.194.183:1024/home/SonySncRz30View.cab
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB40} - hxxp://219.106.246.80/home/SonySncZ20View.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094097099602
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125356207484
DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} - hxxp://www.worldwinner.com/games/v44/wordcube/wordcube.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://axis1.cyberbob.ch:91/activex/AxisCamControl.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38019.8350462963
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://eq2beta.station.sony.com/friends_and_family_reg/soesysinfo.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.srtest.com/sysreqlab.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v42/paint/paint.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://gameadvisor.futuremark.com/global/msc37.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} - hxxp://www.worldwinner.com/games/v43/solotriv/solotriv.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - hxxp://ds1.downloadtech.net/cn1060/pcpowerscan.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.130.69/DGTx.CAB
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15028/CTPID.cab
DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\program files\common files\stardock\mcpcore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} -
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\cyrilt~1\applic~1\mozilla\firefox\profiles\gm8lftz4.default\
FF - plugin: c:\documents and settings\cyril tircuit\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\cyril tircuit\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\opera7\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera7\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava11.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava12.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava13.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava14.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava32.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJPI142_05.dll
FF - plugin: c:\program files\opera7\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\opera7\program\plugins\NPOJI610.dll
FF - plugin: c:\program files\opera7\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera7\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera7\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera7\program\plugins\npwthost.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: g:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: g:\program files\opera\program\plugins\npdsplay.dll
FF - plugin: g:\program files\opera\program\plugins\NPSWF32.dll
FF - plugin: g:\program files\opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [2009-8-4 46744]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [2005-1-17 4256]
R2 FlipShare Service;FlipShare Service;c:\program files\pure digital technologies\flipshare\FlipShareService.exe [2008-11-13 439616]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2004-2-7 2560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-5-29 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-5-29 47640]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2007-5-2 865280]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2005-2-10 371349]
S2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\system32\drivers\bt878.sys [2005-2-8 23552]
S2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\postgresql\8.2\bin\pg_ctl.exe [2007-9-17 79948]
S3 Alpham;Ideazon ZBoard Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2006-3-12 37248]
S3 musbehco;musbehco;\??\c:\docume~1\cyrilt~1\locals~1\temp\musbehco.sys --> c:\docume~1\cyrilt~1\locals~1\temp\musbehco.sys [?]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2006-5-25 12192]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2004-3-13 19677]
S4 Boonty Games;Boonty Games;c:\program files\common files\boonty shared\service\Boonty.exe [2006-7-8 69120]
S4 FAH@C:+Folding@Home+FAH502-Console.exe;FAH@C:+Folding@Home+FAH502-Console.exe;c:\folding@home\fah502-console.exe -svcstart --> c:\folding@home\FAH502-Console.exe -svcstart [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
============== File Associations ===============
regfile=regedit.exe "%1" %*
scrfile="%1" %*
=============== Created Last 30 ================
2009-10-04 01:25 <DIR> --d----- c:\program files\SpywareBlaster
2009-10-04 00:09 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-21 01:45 <DIR> --d----- c:\documents and settings\cyril tircuit\.Gamut
2009-09-21 01:45 <DIR> --d----- c:\program files\Volity Games
==================== Find3M ====================
2009-10-02 19:07 8,529 a--sh--- c:\windows\system32\mmf.sys
2009-10-01 15:10 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 15:10 87,352 a------- c:\windows\system32\LMIinit.dll
2009-10-01 15:10 28,984 a------- c:\windows\system32\LMIport.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-07 15:10 25,248 a------- c:\windows\system32\LMImirr.dll
2009-09-07 15:10 11,552 a------- c:\windows\system32\LMImirr2.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2008-02-27 18:20 0 a------- c:\program files\temp01
2004-03-11 14:27 40,960 a------- c:\program files\Uninstall_CDS.exe
2007-08-02 23:26 8 ---shr-- c:\windows\system32\594137F75B.sys
2005-02-16 02:12 56 ---shr-- c:\windows\system32\5BF7374159.sys
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
============= FINISH: 22:00:43.68 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/2/2004 9:23:09 PM
System Uptime: 10/2/2009 7:05:52 PM (99 hours ago)
Motherboard: Dell Computer Corp. | | 0N2828
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | Microprocessor | 2593/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 3.93 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
G: is FIXED (NTFS) - 75 GiB total, 3.51 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6133
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6133
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
RP2159: 9/20/2009 10:55:43 PM - System Checkpoint
RP2160: 9/20/2009 10:55:44 PM - System Checkpoint
RP2161: 9/20/2009 10:55:44 PM - System Checkpoint
RP2162: 9/20/2009 10:55:44 PM - System Checkpoint
RP2163: 9/20/2009 10:55:45 PM - System Checkpoint
RP2164: 9/20/2009 10:55:45 PM - System Checkpoint
RP2165: 9/20/2009 10:55:45 PM - System Checkpoint
RP2166: 9/20/2009 10:55:46 PM - Installed Aventail OnDemand Proxy Agent
RP2167: 9/20/2009 10:55:47 PM - System Checkpoint
RP2168: 9/20/2009 10:55:47 PM - System Checkpoint
RP2169: 9/20/2009 10:55:48 PM - System Checkpoint
RP2170: 9/20/2009 10:55:49 PM - System Checkpoint
RP2171: 9/20/2009 10:55:51 PM - System Checkpoint
RP2172: 9/20/2009 10:55:53 PM - System Checkpoint
RP2173: 9/20/2009 10:55:54 PM - System Checkpoint
RP2174: 9/20/2009 10:55:55 PM - System Checkpoint
RP2175: 9/20/2009 10:55:56 PM - System Checkpoint
RP2176: 9/20/2009 10:55:56 PM - System Checkpoint
RP2177: 9/20/2009 10:55:57 PM - System Checkpoint
RP2178: 9/20/2009 10:55:58 PM - System Checkpoint
RP2179: 9/20/2009 10:55:59 PM - System Checkpoint
RP2180: 9/20/2009 10:56:01 PM - System Checkpoint
RP2181: 9/20/2009 10:56:01 PM - Software Distribution Service 3.0
RP2182: 9/20/2009 10:56:03 PM - System Checkpoint
RP2183: 9/20/2009 10:56:04 PM - System Checkpoint
RP2184: 9/20/2009 10:56:06 PM - System Checkpoint
RP2185: 9/20/2009 10:56:07 PM - System Checkpoint
RP2186: 9/20/2009 10:56:08 PM - System Checkpoint
RP2187: 9/20/2009 10:56:08 PM - System Checkpoint
RP2188: 9/20/2009 10:56:09 PM - System Checkpoint
RP2189: 9/20/2009 10:56:10 PM - System Checkpoint
RP2190: 9/20/2009 10:56:11 PM - System Checkpoint
RP2191: 9/20/2009 10:56:12 PM - System Checkpoint
RP2192: 9/20/2009 10:56:12 PM - System Checkpoint
RP2193: 9/20/2009 10:56:13 PM - Installed Compatibility Pack for the 2007 Office system
RP2194: 9/20/2009 10:56:14 PM - System Checkpoint
RP2195: 9/20/2009 10:56:15 PM - System Checkpoint
RP2196: 9/20/2009 10:56:16 PM - System Checkpoint
RP2197: 9/20/2009 10:56:17 PM - System Checkpoint
RP2198: 9/20/2009 10:56:18 PM - System Checkpoint
RP2199: 9/20/2009 10:56:20 PM - Printer Driver LogMeIn Printer Driver Installed
RP2200: 9/20/2009 10:56:20 PM - System Checkpoint
RP2201: 9/20/2009 10:56:21 PM - System Checkpoint
RP2202: 9/20/2009 10:56:21 PM - System Checkpoint
RP2203: 9/20/2009 10:56:21 PM - System Checkpoint
RP2204: 9/20/2009 10:56:23 PM - System Checkpoint
RP2205: 9/20/2009 10:56:23 PM - System Checkpoint
RP2206: 9/20/2009 10:56:23 PM - System Checkpoint
RP2207: 9/20/2009 10:56:24 PM - System Checkpoint
RP2208: 9/20/2009 10:56:24 PM - System Checkpoint
RP2209: 9/20/2009 10:56:24 PM - System Checkpoint
RP2210: 9/20/2009 10:56:24 PM - System Checkpoint
RP2211: 9/20/2009 10:56:24 PM - System Checkpoint
==== Installed Programs ======================
µTorrent
3ivx MPEG-4 5.0.3 (remove only)
Absolute Poker
AcroChallenge 2.85
Action Replay XBOX 1.30
ActionReplay Xbox
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
AGEIA PhysX v7.05.06
Airport Mania: First Flight
Albatross18 (NtreevSoft)
Ancient Quest of Saqqarah
Any Video Converter 2.6.7
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArGoSoft Mail Server Freeware
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AudibleManager
AusLogics Disk Defrag
Auto Gordian Knot 2.40
AutoUpdate
Aventail Access Manager
Aventail OnDemand Proxy Agent
Aventail OPSWAT End Point Control
Aventail Web Proxy Agent
Aventail Webifiers
Avery DesignPro
Avery® Wizard 2.1 for Microsoft® Office Word 2003
AviSynth 2.5
Azada ™
Banctec Service Agreement
Baseball Mogul 2007
BCM V.92 56K Modem
Best Buy Rhapsody
BeTrapped!
Big Fish Games Client
Big Pinata (remove only)
Bingo Cafe
BitTornado 0.3.7
BitTorrent 3.4.2
Blood Bowl 1.0.1.2
Bodog Poker Version 2.2.3.1
Boggle Supreme
Bontago
Bookworm Adventures Deluxe 1.0
Bowl Bound College Football
Bowl Bound College Football Update 1.51
Bowl Bound College Football Update 1.52
Brainiversity (remove only)
Breaking News (remove only)
Brother HL-2070N
Bus Driver 1.0
Business Contact Manager for Outlook 2003
CacheStats
Cake Poker
Camtasia Studio 3
Capture Studio Professional 4.05
Caribbean Pirate Quest
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Spanish
ccc-Branding
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help English
CCC Help French
CCC Help German
CCC Help Spanish
CCleaner (remove only)
Citrix XenApp Web Plugin
cladDVD .NET v3.5.6
clrmamepro
COH Character Creator
Color Up: Wedding Scrapbook
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Cool Edit 96
Corel Paint Shop Pro X
County Fair
Cradle of Rome (remove only)
Crayon Physics Deluxe Demo - release 52
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.41
Curse Client
Cuttermaran 1.62
DD Tournament Poker 1.0
DD Tournament Poker Patch 2
DeepBurner v1.8.0.224
DefilerPak 1.19 (Remove Only)
Defraggler (remove only)
DeliPlayer 2
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
DirectShow Dump
DiscWizard for Windows
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
dotamatic 0.2
Doyles Room Poker
Dr. DivX Trial
DS21Patch
DScaler 4.1.10
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
DVD43 v4.2.0
DVDSentry
DVDx 2.3
EA SPORTS online 2004
Eastside UK pre-game Editor v2007.1.2
Easy CD Ripper 2.25
EasyGPS
EmpirePoker
eMule
EQ2MAP Updater 1.0.6
ERUNT 1.1j
Eudora
Europa Universalis III
EVEREST Home Edition v1.10
EverQuest
EverQuest II
EverQuest: Shadows of Luclin
EverQuest: SOV
Excalibur Publishing Limited - 1C\Space Rangers 2
Eyeball Chat 2.2
Fabulous Finds
FairUse Wizard
Fairway Solitaire (remove only)
Family Feud III: Dream Home
FamilyFeudOnlineParty (remove only)
Fast Break College Basketball 2003
FAST Defrag Freeware 2.29 [final]
ffdshow [rev 1723] [2007-12-24]
Flash Renamer 4.62
FlasKMPEG (remove only)
FlipShare
FOF2k7 Utility Suite
Forgotten Riddles - The Mayan Princess (remove only)
Foxit Reader
Freedom Force® vs The 3rd Reich
Front Office Football 2004
Front Office Football 2007
Full Tilt Poker
Fury Race
Future Pinball
Futuremark Measurement Services Client
Gadwin PrintScreen
GameSpy Arcade
GameTime+
Gamut
Garmin Communicator Plugin
Garmin MapSource
Garmin WebUpdater
Geneforge 3
getPlus(R)_ocx
GIMP 2.6.5
GIMPshop .1 beta
Google Earth
Google Gmail Notifier
Governor of Poker
Great Wall of Words (remove only)
GSAK 7.2.2.23 (Final)
GTK+ 2.2.4-20040124 runtime environment
Gunslinger Solitaire
HammerHead Rhythm Station
HandBrake 0.9.3
Hauppauge WinTV-PVR 150 Drivers
Hauppauge WinTV2000
Hell's Kitchen
Hellgate: London
Help and Support Customization
HijackThis 2.0.2
Hold'em Partner
Hollywood Mogul 3
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
HP Software Update
Huffyuv AVI lossless video codec (Remove Only)
Icy Tower v1.3.1
iISystem Wiper 2.3
Image Analyzer
ImageShack QuickLoad
Impulse
In Nomine 3.1
Inspector Parker
Instant Eyedropper 1.75
InstantCopy
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Default Page
InterVideo FilterSDK for Hauppauge
IrfanView (remove only)
iriverter
iTunes
iuVCR
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
Kazaa Lite Revolution 2.6 English
King's Bounty. The Legend (Remove Only)
Knytt 1.0.1
Kudos Rock Legend
LADSPA_plugins-win-0.4.15
Letter Lab
Lex Venture: A Crossword Caper
Liong: The Dragon Dance (remove only)
LiteStep
Locomotion
Logitech QuickCam Software
Logitech® Camera Driver
LogMeIn
Lottso! Deluxe (remove only)
Luxor 2 (remove only)
MakeTorrent v2.1
Malwarebytes' Anti-Malware
MapSource - MetroGuide USA
MediaCoder 0.6.1
MediaMonkey 3.0
MemStat XP (remove only)
Merriam Webster's Spell-Jam (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Chat 2.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Interop Forms Redistributable Package 2.0a
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
mIRC
MIRE 0.12
MLB.com Shuffle (remove only)
Modem Helper
Morpher
Move Media Player
Movies
Mozilla Firefox (3.5.3)
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Multimedia Launcher
Music Wars Rebirth
Music Wars Rebirth Demo
MV2Player (remove only)
MVPSavReader
MWSnap 3
nanoPEG-Editor 2.3 Hauppauge Edition
Napster
Napster 3.5 MP3 Encoder
Napster Burn Engine
Neighbors From Hell: On Vacation
Nero OEM
New Star Grand Prix 1.0
New Star Soccer 3
NHL Eastside Hockey Manager 2005
NHL Eastside Hockey Manager 2007
nLite 1.2.1
Nokia Connectivity Cable Driver
Nokia PC Suite
NSS (remove only)
OmniFormat
Online Hold'em Inspector 2.14
OOTP Baseball 2007
OpenOffice.org 2.4
Opera 9.64
PANDA-glGo
Panda ActiveScan
PartyPoker
PartyPokerNet
PC Connectivity Solution
PDF Image Extraction Wizard 2.0
PDF Split Merge Pages
Pdf995
PdfEdit995
Pegasus Imaging's PICVideo 3
Peggle Deluxe (remove only)
Photosmart 140,240,7200,7600,7700,7900 Series
PictoWords
Poker
Poker Tracker Omaha Version 1.04.00
Poker Tracker Version 2.03.01
PokerAce Hud (remove only)
PokerEV
PokerGrapher
PokerOffice (remove only)
PokerStars
PokerStove version 1.21
Porrasturvat - Stair Dismount (remove only)
PostgreSQL 8.2
Power Defrag 3.02a
PowerDVD
Prism Video Converter
Process Lasso
Profitville
PS7600
PSShortcutsP
PureSim 2004
PureSim Baseball 2007
Puzzle Pirates
QB Challenge 1.0
QuickTime
QuickTime Alternative 1.69
RCT3 Soaked
Real Alternative 1.29
Real Lives 2004
Real Lives 2007
Retro Records 1.0.1
Revo Uninstaller 1.75
Rhapsody Player Engine
Righteous Kill
RollerCoaster Tycoon® 3
Rooms: The Main Building
Safecracker (remove only)
Safecracker Strategy Guide (remove only)
Saints & Sinners Bowling (remove only)
SandScript
School Tycoon
SciFi Casino
Second And Ten College Version 1.1.6
Second And Ten Version 6.0.9
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Semagic (remove only)
Shape Shifter
Shareaza version 2.2.1.0
ShellExView
Shizmoo Web Games (Uproar)
Shockwave
ShotOnline OpenBeta International
ShowShifter
Shutterfly Express
Sid Meier's Civilization 4
Signature995
Silent Storm
SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE)
SiteSpinner V2
SkillJam SecurePlayer
Skins
Skype 3.1
Skype Plugin Manager
Slingo Quest Hawaii
Slingo Supreme
SmartFTP
SmartMorph
SnG Power Tools v1.19b
SNGEGT
Solecismic FTP
Sonic RecordNow!
Sonic Update Manager
Sony ACID XPress 5.0a
SopCast 1.1.2
Sound Blaster Live!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.2
Stardock Central
Starters Orders 3
Steam
Sudoku
SUPER © Version 2009.bld.36 (June 10, 2009)
Super Wild Wild Words
SuperMegaSpoof 2.0
System Requirements Lab
Tabloid Tycoon
TEW2005
Texas Calculatem 4 with "AutoRead"
The Gaming Club Poker
The Movies (TM) - StarMaker (TM) Demo
The Movies(TM)
The Price is Right
The Sims 2
The Sims 2 Nightlife
The Sims 2 University
The Ultimate Troubleshooter
TightVNC 1.3.9
Titan Quest
Titan Quest Immortal Throne
TiVo Desktop 2.4a
Total College Basketball
Total Pro Basketball 2005
Total Pro Basketball 2005 1.1 Update
Total Pro Basketball 2005 1.4 Update
Total Pro Golf
Total Pro Golf 2
Tower Bloxx Deluxe
Trillian
Tropico 2: Pirate Cove
Truck Dismount (remove only)
TrueMoneyGames 3.5.6
Tunebite 4.1.0.35
Turbo Subs (remove only)
TVersity Codec Pack 1.2
TVersity Media Server 1.5 Beta
TVUPlayer 2.3.7.1
TweetDeck
UBO 2007 Edition
Ulead DVD MovieFactory 3 SE
Ulead GIF Animator 5 TBYB
UltimateBet
UltimateBuddy
Uninstall Startup Inspector for Windows
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Veetle TV Player 0.9.6
VEGA$ Tycoon
Ventrilo Client
Video Man v.3.0 Trial
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
Virtual Earth 3D (Beta)
Virtual U
Virtual VCR
Visual Pinball
vixy converter uninstall
VobSub v2.23 (Remove Only)
WD Diagnostics
Web Album Generator 1.8.2
WebFldrs XP
Wesabe Uploader 1.1.0
WIDCOMM Bluetooth Software
WikiSearch Toolbar
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMorph™ 3.01
WinMX
WinRAR archiver
WinSCP 3.5
WinZip
Within a Deep Forest 1.1.1
WMMA
Word Slinger
WordBiz version 1.8
Wordcraft (remove only)
Words Kingdom (remove only)
Words That Follow
World of Warcraft
Wrecker Ball: Dream
Wrestling Spirit
Xbox Music Mixer PC Tool
XChange 360
XviD MPEG-4 Video Codec
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yohoho! Puzzle Pirates
ZENcast Organizer
Zwei-Stein Video Compositor 3.01 (Beta 2).
==== Event Viewer Messages From Past Week ========
10/2/2009 7:07:37 PM, error: Service Control Manager [7000] - The Hauppauge Streaming Data Capture Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/2/2009 7:07:37 PM, error: Service Control Manager [7000] - The Conexant's BtPCI WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==== End Of File ===========================
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-06 22:21:23
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\CYRILT~1\LOCALS~1\Temp\uwtdqpob.sys
---- System - GMER 1.0.15 ----
Code 89C09D08 ZwEnumerateKey
Code 89C09D50 ZwFlushInstructionCache
Code 89C09C76 ZwSaveKey
Code 89C09CBE ZwSaveKeyEx
Code 89C09C2E IofCallDriver
Code 89C09BE6 IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 89C09C33
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 2 Bytes JMP 89C09BEB
.text ntoskrnl.exe!IofCompleteRequest + 3 804E17C0 2 Bytes [72, 09] {JB 0xb}
PAGE ntoskrnl.exe!ZwEnumerateKey 805783A4 5 Bytes JMP 89C09D0C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1C 5 Bytes JMP 89C09D54
PAGE ntoskrnl.exe!ZwSaveKey 80653213 5 Bytes JMP 89C09C7A
PAGE ntoskrnl.exe!ZwSaveKeyEx 806532AB 5 Bytes JMP 89C09CC2
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
AttachedDevice \Driver\Tcpip \Device\Udp odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp odptdi.sys (OnDemand Proxy TDI Driver/Aventail Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:4284] A895C30C
Thread System [4:4408] A895C30C
Thread System [4:4484] A895C30C
---- EOF - GMER 1.0.15 ----
Looking through your new logs, I still do not see any signs of an Anti-Virus. Did you download and install one the AV's that were posted in my last post? If you didn't, please do so now:
1)Antivir PersonalEdition Classic (http://www.free-av.com/)
2)avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html)
Download and install only one!
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
µTorrent
BitTornado 0.3.7
BitTorrent 3.4.2
eMule
Kazaa Lite Revolution 2.6 English
MakeTorrent v2.1
Shareaza version 2.2.1.0
I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.
Also available here (http://forum.malwareremoval.com/viewtopic.php?t=23812&sid=a609c56441d8a2e5dc8d24e3e96420cc).
My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Let me know when you've installed an Anti-Virus and uninstalled/removed your P2P and we'll continue. :)
ctircuit
2009-10-07, 14:21
Thank you so far. I have downloaded Avira Antivir, and Antivir Guard is now enabled. Sorry, I completely overlooked that step in your instructions.
I have also uninstalled ALL of the programs in red that you described above. I hadn't touched those things in years and forgot I had them!
I am ready to follow the next steps that you give me. Thanks again!
Step # 1: Download and Run ComboFix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
* IMPORTANT !!! Save ComboFix.exe to your Desktop
When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
ctircuit
2009-10-08, 03:11
And here we go!
ComboFix 09-10-06.04 - Cyril Tircuit 10/07/2009 19:32.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.2011 [GMT -4:00]
Running from: c:\documents and settings\Cyril Tircuit\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Downloaded Program Files\x64
c:\windows\Downloaded Program Files\x64\racodec.ax
c:\windows\Downloaded Program Files\x86
c:\windows\Downloaded Program Files\x86\racodec.ax
c:\windows\Installer\6552f.msi
c:\windows\Installer\6930d863.msi
c:\windows\Installer\9311e922.msi
c:\windows\Installer\a92d0.msp
c:\windows\Installer\d3bd1c.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\patch.exe
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common\3abfc0261.dll
c:\windows\system32\Data
c:\windows\system32\drivers\gasfkyvygjkrom.sys
c:\windows\system32\FTPx.dll
c:\windows\system32\gasfkyealnwhgu.dll
c:\windows\system32\gasfkygnfmauxb.dat
c:\windows\system32\gasfkyhklhbqbm.dll
c:\windows\system32\gasfkysxqcijfm.dll
c:\windows\system32\gasfkywaynygly.dat
c:\windows\system32\logs
c:\windows\WNMHINDR.EXE
c:\windows\wpd99.drv
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
-------\Service_gasfkymlvwpsoa
((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.
2009-10-07 12:15 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-07 12:15 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-07 12:15 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-07 12:15 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-07 12:15 . 2009-10-07 12:15 -------- d-----w- c:\program files\Avira
2009-10-07 12:15 . 2009-10-07 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-04 06:52 . 2009-10-04 06:52 -------- d-----w- c:\program files\ERUNT
2009-10-04 05:25 . 2009-10-04 05:27 -------- d-----w- c:\program files\SpywareBlaster
2009-10-04 04:09 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-04 04:08 . 2009-10-04 04:08 -------- d-----w- c:\program files\Windows Defender
2009-09-21 05:45 . 2009-09-21 05:45 -------- d-----w- c:\documents and settings\Cyril Tircuit\.Gamut
2009-09-21 05:45 . 2009-09-21 05:45 -------- d-----w- c:\program files\Volity Games
2009-09-08 01:03 . 2009-09-08 01:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 00:11 . 2004-02-07 05:21 8529 --sha-w- c:\windows\system32\mmf.sys
2009-10-07 23:04 . 2004-12-21 06:14 -------- d-----w- c:\program files\mIRC
2009-10-07 19:10 . 2006-06-01 02:09 -------- d-----w- c:\program files\LogMeIn
2009-10-07 12:18 . 2006-02-22 02:53 -------- d-----w- c:\documents and settings\Cyril Tircuit\Application Data\Shareaza
2009-10-07 12:17 . 2004-12-18 05:19 -------- d-----w- c:\program files\Kazaa Lite Revolution
2009-10-07 12:16 . 2004-03-15 02:18 -------- d-----w- c:\program files\eMule
2009-10-04 00:11 . 2004-01-28 13:21 -------- d-----w- c:\program files\Java
2009-10-02 23:08 . 2008-04-27 02:43 -------- d-----w- c:\documents and settings\Cyril Tircuit\Application Data\OpenOffice.org2
2009-10-02 23:04 . 2004-02-06 02:01 -------- d-----w- c:\program files\Trillian
2009-10-01 19:10 . 2007-05-30 01:00 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 19:10 . 2006-06-01 02:09 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 19:10 . 2006-06-01 02:09 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-28 05:30 . 2005-07-12 02:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 06:06 . 2009-07-01 00:58 -------- d-----w- c:\program files\Process Lasso
2009-09-17 04:02 . 2005-07-12 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-10 18:54 . 2008-08-02 03:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-08-02 03:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 19:10 . 2006-05-25 20:01 11552 ----a-w- c:\windows\system32\LMImirr2.dll
2009-09-07 19:10 . 2006-05-25 20:01 25248 ----a-w- c:\windows\system32\LMImirr.dll
2009-09-02 03:11 . 2004-07-19 01:53 -------- d-----w- c:\program files\PokerStars
2009-09-01 02:21 . 2004-01-28 13:52 111848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 02:20 . 2009-09-01 02:20 -------- d-----w- c:\program files\MSECache
2009-08-27 23:54 . 2008-08-09 06:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-23 21:48 . 2004-08-03 01:56 -------- d-----w- c:\program files\Full Tilt Poker
2009-08-22 02:44 . 2009-08-22 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-19 03:42 . 2009-08-19 03:36 -------- d-----w- c:\program files\clrmamepro
2009-08-16 00:04 . 2009-08-16 00:04 -------- d-----w- c:\program files\Microsoft Corporation
2009-08-09 01:02 . 2007-09-01 20:50 -------- d-----w- c:\documents and settings\Cyril Tircuit\Application Data\Move Networks
2009-08-06 23:24 . 2004-08-03 19:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-03 18:59 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-03 18:59 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2002-08-29 11:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2002-08-29 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-03 19:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-08-30 17:34 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2002-08-29 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-25 09:23 . 2009-02-14 09:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-02-27 22:20 . 2008-02-27 22:20 0 ----a-w- c:\program files\temp01
2004-03-11 18:27 . 2006-11-11 05:54 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-08-03 03:26 . 2007-08-03 03:26 8 --sh--r- c:\windows\SYSTEM32\594137F75B.sys
2005-02-16 06:12 . 2005-02-08 02:32 56 --sh--r- c:\windows\SYSTEM32\5BF7374159.sys
2006-05-03 09:06 . 2007-08-12 22:44 163328 --sh--r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2009-01-26 04:36 31232 --sh--r- c:\windows\SYSTEM32\msfDX.dll
2008-03-16 12:30 . 2009-01-26 04:36 216064 --sh--r- c:\windows\SYSTEM32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-04 700416]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-09-19 406016]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="g:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="g:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-05 267064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Photo Downloader"="g:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2009-09-17 167952]
"Malwarebytes Anti-Malware (reboot)"="g:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Cyril Tircuit\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
OpenOffice.org 2.4.lnk - g:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 19:10 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Cyril Tircuit^Start Menu^Programs^Startup^Freenet.lnk]
path=c:\documents and settings\Cyril Tircuit\Start Menu\Programs\Startup\Freenet.lnk
backup=c:\windows\pss\Freenet.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FAH@C:+Folding@Home+FAH502-Console.exe"=2 (0x2)
"Boonty Games"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"g:\\HM3\\hm3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\NETAMIN\\UBO_2007\\game\\ubo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"g:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"g:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"g:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\worldwide soccer manager 2009\\wsm.exe"=
"g:\\Program Files\\Cyanide\\Blood Bowl\\BB.exe"=
"g:\\Program Files\\Cyanide\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
R1 Odptdi;Odptdi;c:\windows\SYSTEM32\DRIVERS\odptdi.sys [8/4/2009 8:56 PM 46744]
R1 UserPort;UserPort;c:\windows\SYSTEM32\DRIVERS\UserPort.sys [1/17/2005 2:04 AM 4256]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/7/2009 8:15 AM 108289]
R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [11/13/2008 1:17 PM 439616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/29/2007 8:59 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [5/29/2007 9:00 PM 47640]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [9/17/2007 9:09 AM 79948]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [5/2/2007 2:12 PM 865280]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\BT848.sys [2/10/2005 12:08 AM 371349]
S2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\SYSTEM32\DRIVERS\bt878.sys [2/8/2005 9:03 PM 23552]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2/7/2004 1:21 AM 2560]
S3 Alpham;Ideazon ZBoard Composite Keyboard Driver;c:\windows\SYSTEM32\DRIVERS\Alpham.sys [3/12/2006 2:11 PM 37248]
S3 musbehco;musbehco;\??\c:\docume~1\CYRILT~1\LOCALS~1\Temp\musbehco.sys --> c:\docume~1\CYRILT~1\LOCALS~1\Temp\musbehco.sys [?]
S3 radpms;Driver for RADPMS Device;c:\windows\SYSTEM32\DRIVERS\radpms.sys [5/25/2006 4:01 PM 12192]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\SYSTEM32\DRIVERS\xbreader.sys [3/13/2004 9:00 PM 19677]
S4 FAH@C:+Folding@Home+FAH502-Console.exe;FAH@C:+Folding@Home+FAH502-Console.exe;c:\folding@home\FAH502-Console.exe -svcstart --> c:\folding@home\FAH502-Console.exe -svcstart [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\CChat25.inf,PerUserAdd.NT
.
Contents of the 'Scheduled Tasks' folder
2009-10-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{26F4A45D-D1E1-4F4A-8D03-D6AE36C71F0E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Semagic - c:\program files\Semagic\link.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubMPP\MPPoker.exe
DPF: ActiveGS.cab - hxxp://www.virtualapple.com/activegs.cab
DPF: {0F42F280-2D6E-4B19-95A9-18D8DADB9309} - hxxp://www.betfred.com/company/gamessections/common/betfredlauncher.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwga.ops.placeware.com/etc/place/GOLF/SCGpws-a1/5.1.2.150/lib/quicksilver.cab
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://eq2beta.station.sony.com/friends_and_family_reg/soesysinfo.cab
DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - hxxp://ds1.downloadtech.net/cn1060/pcpowerscan.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.130.69/DGTx.CAB
FF - ProfilePath - c:\documents and settings\Cyril Tircuit\Application Data\Mozilla\Firefox\Profiles\gm8lftz4.default\
FF - plugin: c:\documents and settings\Cyril Tircuit\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Cyril Tircuit\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava11.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava12.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava13.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava14.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava32.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJPI142_05.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera7\Program\Plugins\NPOJI610.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npwthost.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: g:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: g:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: g:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: g:\program files\Opera\program\plugins\npwmsdrm.dll
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
AddRemove-MLB.com - g:\program files\MLB.com
AddRemove-Poker - c:\casino\Poker\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 20:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
"ServiceDll"="c:\windows\System32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Folding@Home+FAH502-Console.exe]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gasfkymlvwpsoa]
"imagepath"="\systemroot\system32\drivers\gasfkyvygjkrom.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1238369667-1849383070-2841337673-1008\Software\Cryptic\KRCOH]
@Denied: (2) (Everyone)
"Locale"=dword:00000000
"accountName"=""
"gamma"="1.000000"
"fxSoundVolume"="1.000000"
"musicSoundVolume"="0.600000"
"dontSaveName"="0"
"reverseMouseButtons"="0"
"screenX"="1024"
"screenY"="768"
"refreshRate"="60"
"screenX_pos"="0"
"screenY_pos"="0"
"maximized"="0"
"fullScreen"="1"
"mipLevel"="0"
"characterMipLevel"="0"
"texLodBias"="2"
"texAniso"="4"
"worldDetailLevel"="1.000000"
"entityDetailLevel"="1.000000"
"shadowsOn"="1"
"physicsOn"="1"
"maxParticles"="50000"
"maxParticleFill"="10.000000"
"suppressFx"="0"
"forceSoftwareAudio"="0"
"enableVBOs"="1"
"enableJoystick"="1"
"enable3DSound"="0"
"renderScaleX"="1.000000"
"renderScaleY"="1.000000"
"useRenderScale"="0"
"shaderDetail"="3"
"useWater"="2"
"useBloom"="1"
"bloomMagnitude"="1.000000"
"useDOF"="1"
"dofMagnitude"="1.000000"
"antiAliasing"="1"
"useLightmaps"="0"
"useVSync"="1"
[HKEY_USERS\S-1-5-21-1238369667-1849383070-2841337673-1008\Software\SecuROM\License information*]
"datasecu"=hex:ef,41,df,7b,03,50,16,1c,7a,02,df,89,16,de,5e,17,a6,98,c1,3e,b3,
0b,db,36,9f,a6,70,bb,dc,c7,a3,86,45,a6,29,53,6a,83,fe,14,b1,8f,75,cb,c5,21,\
"rkeysecu"=hex:a7,a5,49,b3,e2,c0,d3,c3,ed,2f,12,9e,cf,70,df,cf
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-039f-a077-606cfd62c15f}\InprocServer32*]
"Class"=hex:10,57,5f,9b,2a,4f,31,34,01,c9,51,03,7b,ff,f4,5e,01,cd,40,a1,7f,66,
50,4e,48,24,0f,41,ac,fd,0b,9c,9d,6c,8f,4c,42,01,91,52,9d,37,db,6d,58,91,5b,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-049c-680c-a1f0fd62c15f}\InprocServer32*]
"Class"=hex:cf,e3,f3,ae,21,89,17,86,d0,f6,09,2c,5a,07,c7,50,96,74,3e,67,ea,36,
89,ee,b4,f3,d5,20,95,7b,5d,a9,24,3c,be,ee,0f,aa,79,bd,d6,b1,05,b5,21,15,da,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-301b-0128-dd11fd62c15f}\InprocServer32*]
"Class"=hex:ad,22,6d,bc,1d,5a,38,f9,68,06,65,52,18,77,3f,0e,b9,8a,2e,63,e4,d1,
b3,35,3a,9e,c6,9d,33,68,a4,34,88,d8,d1,99,07,b7,bc,17,96,32,4a,34,28,25,ae,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-33c3-1ca4-3deefd62c15f}\InprocServer32*]
"Class"=hex:28,20,52,ff,22,b5,4c,3c,10,f7,05,56,a3,d4,5f,74,1b,00,f0,32,d1,2c,
70,8b,2a,02,f2,c0,e7,de,a6,12,30,21,06,9b,c1,04,0c,ee,ba,ea,a5,96,0e,45,68,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-761c-f7b0-5884fd62c15f}\InprocServer32*]
"Class"=hex:f2,e2,24,cf,9c,1d,8c,6a,ff,de,8d,08,41,74,77,b4,6f,c8,20,96,a7,2c,
fc,1e,a2,b7,f1,3b,c1,e4,43,05,4e,eb,3b,b9,13,2a,e8,e7,fd,ef,6a,03,87,3b,1d,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-82d7-1dea-6b6bfd62c15f}\InprocServer32*]
"Class"=hex:1d,b7,fd,b1,b1,0f,2a,04,54,7a,0d,c5,24,e9,b8,fa,bb,a6,df,c1,e6,f2,
c9,cb,c0,00,33,b7,ff,f7,a3,bc,b5,4c,23,2a,5c,20,32,81,72,e3,25,12,ad,b6,73,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-f770-1484-e2c6fd62c15f}\InprocServer32*]
"Class"=hex:fe,d6,38,26,3a,40,0b,1c,5b,ec,10,39,35,ea,6d,12,3d,82,da,e6,ed,f3,
61,db,e1,f2,36,ee,7a,8b,12,c5,5b,54,e8,67,27,2e,cc,8f,26,a1,35,a4,a3,ad,4a,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2]
"1"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,41,89,c7,a7,5f,90,bb,
a2
"2"=hex:05,42,30,42,a7,15,e9,31,44,4c,e8,ce,26,93,4c,ff,dc,fd,7a,28,38,0d,79,
b8
"3"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,38,a8,bc,ca,16,d6,08,
eb,9c,8b,9c,0d,35,8b,99,e4,25,24,80,ac,1f,d3,6a,72
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2\AAEBAA674720777F98D3CB19E52B3725]
"1"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,
f6,85,c6,80,d5,b6,ed,0d,87
"2"=hex:56,f3,50,11,98,55,25,42
"3"=hex:0d,02,76,9b,d0,ee,7a,d3,ec,6b,a6,1d,7a,1f,8d,07,fe,32,11,dc,79,68,8d,
5b,66,56,e4,9b,4b,d6,4f,33,2c,3e,8e,1e,42,bb,12,fa,54,b5,55,93,6a,6f,46,57,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,
f6,2e,2b,e0,1b,c2,9e,49,42,53,a9,a5,ab,d9,82,65,c7,aa,4b,84,16,df,84,04,20,\
"7"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,
f6,d6,93,62,58,16,ac,98,9d,fb,96,15,df,14,58,40,fd,da,1c,0b,31,a3,58,f4,6f,\
"8"=hex:f9,32,08,f3,11,ba,69,2e,90,81,3d,5b,21,25,fe,af,cb,e2,64,81,6f,cd,a6,
70,45,64,af,dc,d8,f4,5f,c0,7f,03,ab,9d,a6,c3,b0,a1,a2,0c,b2,a5,25,03,56,1a,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:28,cc,6f,ca,d3,24,24,b2,9e,e2,37,98,4f,a9,84,a6,86,48,1c,60,46,9a,34,
b4,51,56,9a,12,77,c6,2c,3b,cf,99,75,9e,69,b0,cc,68,d1,c0,59,51,56,3c,31,1b,\
"13"=hex:50,98,b2,c6,de,26,ec,fe,67,97,32,86,b4,a3,0e,1f,29,55,8c,ab,a6,3c,04,
91
"14"=hex:83,34,31,f7,8e,d5,03,43,c8,8e,e9,f6,fc,e8,bb,e7,f8,34,65,93,0a,d3,2c,
14
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:c5,b2,2a,7e,21,51,0e,5f,4f,ea,e5,70,4c,a5,a8,f2
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:51,aa,d6,fe,52,dd,6e,df,a6,c0,71,8c,27,ef,be,b7,de,dc,78,c4,3a,cd,ce,
df,e7,42,98,b4,02,1b,e5,d4,e6,ac,ec,fd,91,d6,1b,b5,b9,45,7a,e4,79,a2,5d,89,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847]
"1"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,86,2b,9b,9b,f3,96,a9,
e9
"2"=hex:05,83,26,a9,dc,b6,17,45,de,2e,f0,41,a5,95,91,56,fe,07,ca,23,63,6c,c8,
df,a0,cb,29,a7,07,62,23,54
"3"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,39,39,6a,6e,1d,99,29,
0e,9a,9e,61,33,16,37,68,38,ee,25,f6,f1,91,9f,21,a9,58,ec,19,f6,96,30,78,09
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\6356076A6F83BB1BBBE6B14F244E53BE]
"1"=hex:7e,63,ed,e4,ff,c6,da,b0,00,85,ab,7b,99,1c,f6,df,8b,3c,15,1f,e9,72,d8,
8c
"2"=hex:c2,16,dc,3c,cc,7d,65,bf
"3"=hex:ab,e5,08,bd,60,22,08,42,fc,d6,93,9b,b9,63,46,91,c5,ed,cd,49,4d,c9,72,
5d,11,88,48,8b,19,9e,cf,69,3f,2a,e7,8d,44,15,c4,6f,d2,30,f8,d6,0e,f7,57,9e,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,5c,6c,8a,b0,95,8d,88,
02,e9,37,15,54,28,a1,4d,91,f4,19,4f,4b,df,bd,95,c2,74,9c,18,d8,b7,e1,e6,9e,\
"8"=hex:63,9c,d5,b1,a8,6b,cf,d2,d0,af,ae,cf,af,57,79,a8,d3,76,5b,34,3d,40,9a,
54,9a,76,54,55,01,9d,ce,91,e4,a3,8b,fe,21,cb,ac,63
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:55,0c,d6,b4,90,c5,27,45
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\71592AD0C035DEE1BE6646B535DAE2B3]
"1"=hex:ac,12,b3,27,1a,54,0c,b8,d6,4e,43,57,d3,a1,8a,e4,a1,b4,b6,b4,d3,e1,31,
61
"2"=hex:cd,ac,64,a5,44,89,7f,95
"3"=hex:c5,91,ff,1b,f4,e0,15,00,e2,f3,ad,c4,1c,bc,c8,85,84,c2,95,3b,e2,df,64,
53,73,54,72,65,d0,eb,8b,55,76,ca,3f,ce,33,05,ba,37,bb,3f,92,7f,fd,15,8b,51,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:ac,12,b3,27,1a,54,0c,b8,d6,4e,43,57,d3,a1,8a,e4,fe,fd,41,69,58,8d,dc,
1f,4f,f1,d7,c6,79,44,4b,fd,01,2b,4a,ce,59,d1,8f,e9,a3,00,1c,0b,1c,9e,05,d7,\
"7"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,5c,6c,8a,b0,95,8d,88,
02,5c,f2,b7,9f,8e,b8,9a,b3,1a,00,68,de,e7,74,fc,3a,28,4e,42,29,c5,0b,c6,18,\
"8"=hex:3a,0c,22,0f,83,09,d5,8f,b3,cc,8a,ae,a8,9d,35,4a,32,36,89,96,90,a2,36,
77,8b,1e,3b,69,a7,85,8c,2c,27,d8,d6,60,22,d7,cd,56
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:33,14,9d,5d,aa,fb,2f,b7,8b,74,1e,91,47,35,5e,f4,12,4a,4f,f1,7f,c4,08,
54,5f,53,d7,cb,90,13,56,f0,02,5f,54,7c,59,ee,38,51,36,70,77,f7,f2,be,10,4b,\
"13"=hex:00,6a,5e,c7,d3,94,88,4b,58,1a,d0,96,7b,5f,3a,6c,a0,ed,f1,9d,70,63,aa,
42
"14"=hex:74,0c,73,ed,fd,4b,bf,31
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:1b,b7,20,bc,ab,01,8f,59,dc,c1,22,eb,b0,32,fb,8c
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:7a,f7,7a,b0,a1,77,da,c4,e5,cb,d7,0d,17,a2,dc,f2,e7,f5,54,c1,a9,e0,9b,
e0,c1,68,e3,89,a4,a9,10,67,b3,e0,87,0a,6e,19,17,e0,1e,af,db,fc,48,3f,f6,d2,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \501529F2142DBB50]
"1"=hex:55,71,d5,88,d4,e8,c4,23,86,c5,84,77,3a,01,80,8c
"2"=hex:e7,27,cf,42,f4,44,fe,c6,7c,92,71,43,d3,fc,2b,88,fa,d9,fe,5d,52,9c,ef,
9a,2a,6d,72,a6,74,ac,7c,c2
"3"=hex:55,71,d5,88,d4,e8,c4,23,fd,b6,60,5b,fa,86,28,a7,15,7e,26,7e,15,53,b1,
53,45,c5,e4,e2,cb,6f,56,41,9f,13,40,18,4a,19,41,af,82,2c,15,9b,68,3b,4e,c0
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \501529F2142DBB50\A9E17DC1A54D1D28BB40F338A2C6273E]
"1"=hex:80,21,ee,d1,6b,60,09,6f,f8,87,24,43,64,25,4c,aa,b2,18,c8,df,6b,eb,72,
a3,0a,b2,c0,1f,52,da,0b,fb
"2"=hex:81,20,8f,ab,28,6a,52,9c
"3"=hex:40,5d,fd,fc,c0,d1,f7,10,50,15,2f,20,c4,8c,cc,b2,73,6e,71,1a,3e,05,f7,
2d,d4,28,7b,2f,77,8d,f8,bb,b7,a2,9f,3f,18,3b,eb,5d,ca,73,a3,b9,36,dd,54,5a,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:80,21,ee,d1,6b,60,09,6f,f8,87,24,43,64,25,4c,aa,b2,18,c8,df,6b,eb,72,
a3,c2,b5,a5,be,18,5e,8d,12,a5,96,30,c8,e8,9b,a0,07,34,11,26,76,4a,05,43,f8,\
"7"=hex:80,21,ee,d1,6b,60,09,6f,f8,87,24,43,64,25,4c,aa,b2,18,c8,df,6b,eb,72,
a3,0a,b2,c0,1f,52,da,0b,fb
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,65,47,71,48,e9,1d,9d,
ae,8d,a8,42,08,32,10,f7,67,cf,df,52,86,31,35,e0,07,c7,f4,11,f0,ed,74,e2,7b,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:26,d0,b3,36,9b,35,dc,68,46,d9,8a,21,4c,75,19,3b,b7,ca,f2,3d,95,b5,c3,
41,04,c5,49,6c,d3,74,3c,0d,4c,2e,7b,ba,a8,f1,bb,0a,97,e9,2b,e1,77,3b,af,a4,\
"13"=hex:43,6b,c5,09,e9,29,f1,ab,31,04,2d,2b,c7,d2,c2,5f,e2,7a,1c,e1,1b,df,42,
e1
"14"=hex:a6,c1,97,cd,4d,ca,f1,2d
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:c8,e3,a2,8e,3c,35,5e,f7,b0,3a,94,18,f4,45,54,ee
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:e1,1e,b0,ec,2c,11,cc,6b,b5,5d,8d,ba,f5,91,5e,85,bb,15,38,b0,b1,1a,ae,
31,4c,1c,5e,a5,e4,03,d6,ca,99,3d,aa,cd,be,a3,e5,fe,32,c0,1c,14,11,e5,c0,95,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,ba,e9,e0,76,1f,5b,ab,
75
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,f2,c9,99,66,1f,10,89,7d,ec,36,ce,6f,e7,65,ad,a4
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:f9,cc,02,85,fe,b7,d2,a9
"3"=hex:13,41,9d,1a,4a,97,3e,5b,87,84,71,d7,9a,3c,fb,b9,dc,f1,d0,70,1e,33,8d,
21,0f,37,c2,ba,05,7e,59,ce,d3,88,29,e2,0a,12,ec,c3,eb,78,e2,c4,e9,b4,f0,71,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,26,25,3f,70,a0,18,4f,08,87,1d,bb,69,7c,1b,12,24
"8"=hex:f9,32,08,f3,11,ba,69,2e,90,81,3d,5b,21,25,fe,af,42,9b,b5,eb,ed,1b,ad,
a2,4e,bd,f0,68,6a,99,17,97,a0,d4,d2,c2,fa,56,45,3d,d9,ae,ec,94,45,b1,f1,7a,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:dd,1b,56,16,83,6b,de,2b
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:07,43,bb,b0,dd,99,83,f4,0e,48,8f,ee,4f,a4,8a,34,38,0c,2c,bf,e4,ba,be,
eb,0e,4e,4a,bf,15,e5,d0,11,48,ab,92,47,65,bb,7a,7e,de,5f,40,1a,3e,04,6e,32,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:f9,32,08,f3,11,ba,69,2e,90,81,3d,5b,21,25,fe,af,42,9b,b5,eb,ed,1b,ad,
a2,4e,bd,f0,68,6a,99,17,97,d7,dd,16,b3,37,5b,c3,9d,6d,a3,82,63,d8,5e,fd,15,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:07,96,b3,35,9e,5a,1a,0b
"11"=hex:7d,ba,74,77,fe,09,92,36
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,0d,ef,4b,fc,af,c2,2e,ad
"2"=hex:04,29,6a,69,56,d3,ea,41,db,c1,1a,08,f4,34,4d,ff
"3"=hex:04,ba,b3,ef,bf,3e,9a,1b,a1,28,fb,76,22,be,69,05,c6,a2,3c,5b,db,09,79,
f9,8b,50,4a,66,8e,58,15,2d,8a,f9,87,8a,ed,6f,86,36,aa,24,91,fe,18,78,65,3c,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,46,88,2f,82,3b,10,0c,a3,06,e2,b9,2d,01,08,b4,c2,45,19,67,50,8b,89,d1,c8,\
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,49,3e,e5,49,ef,df,ad,a2
"8"=hex:f9,32,08,f3,11,ba,69,2e,90,81,3d,5b,21,25,fe,af,42,9b,b5,eb,ed,1b,ad,
a2,4e,bd,f0,68,6a,99,17,97,d7,dd,16,b3,37,5b,c3,9d,6d,a3,82,63,d8,5e,fd,15,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:41,db,06,14,03,38,a9,21,3a,5b,6e,c2,31,07,2a,ca,f6,9b,f9,9d,ed,a5,cd,
71,d7,f3,b9,82,de,2c,5c,eb,e7,30,3d,3b,91,f5,e5,22,34,26,1f,d8,8e,56,13,b9,\
"13"=hex:18,34,4b,f2,86,3b,d1,a4,25,61,ce,ef,e8,08,d4,f7,54,1b,c5,95,f2,4a,12,
a2
"14"=hex:bd,67,9b,ef,47,fb,15,8c,ba,a8,71,3f,47,d1,f1,06
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:4d,41,c1,c1,78,a9,ed,bf,73,80,ed,ca,df,61,89,82
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:99,66,a4,70,6b,eb,37,c3,ff,a4,92,a5,f7,86,b5,90,16,bd,95,e3,2d,62,c2,
ca,2a,cc,39,67,d4,fa,58,df,4d,f0,9d,65,92,dd,77,60,4c,4f,a4,56,54,d3,44,80,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
c2
"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
76,64,10,04,f0,92,77,f9,20
"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\DBF31101A5C3B93315CBBEA90ED13257]
"1"=hex:05,63,4e,ca,af,1d,39,e0,e8,3b,06,bc,35,26,5b,04,02,70,fd,49,72,ea,3f,
0d,c1,ed,7b,62,a7,87,bb,89
"2"=hex:14,ce,87,8d,79,74,ee,b2
"3"=hex:d8,0d,82,df,19,ff,ed,39,58,12,9e,3d,63,1e,61,77,be,f0,26,a2,65,16,11,
42,93,a5,cc,a7,54,19,09,8f,13,bf,30,4b,eb,2c,2f,41,0b,5f,4d,6e,ba,89,94,6f,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:05,63,4e,ca,af,1d,39,e0,e8,3b,06,bc,35,26,5b,04,02,70,fd,49,72,ea,3f,
0d,81,f9,b8,67,b0,fb,0a,0f,84,cd,37,ae,8a,a5,20,73,2d,2d,dc,36,8a,f5,37,12,\
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:63,9c,d5,b1,a8,6b,cf,d2,78,23,e8,cc,c3,11,62,0f,34,b6,74,7e,19,05,6b,
97,61,a0,36,c1,7f,b9,95,54,69,c6,42,51,04,f7,87,fa
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:d3,c9,69,c2,6c,89,68,55,99,cf,cd,97,c8,ef,31,a4,a4,bf,f0,0c,b1,cc,15,
31,64,ce,16,6b,69,70,80,58,df,f9,3e,3e,b2,c0,07,a4,60,19,f0,be,5e,70,29,93,\
"13"=hex:a4,12,c4,cb,3f,15,c3,87,56,63,59,4a,87,9d,ef,83,e8,f5,e5,6a,56,30,4c,
d2
"14"=hex:79,6a,b1,0b,fb,82,9f,17
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:56,01,d5,04,e6,63,a1,1f,8e,e9,f7,5b,c8,ee,b8,a8
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:39,f3,1e,8e,d0,bd,f5,1c,70,ff,71,4b,08,0a,86,19,7e,d3,5a,84,82,74,fd,
51,1d,5c,94,52,6e,db,04,e2,f9,62,89,e0,b1,f2,64,86,0c,c6,00,e4,3f,54,ef,24,\
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gasfkymlvwpsoa]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gasfkyvygjkrom.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Stardock\mcpstub.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(2484)
c:\program files\Common Files\Stardock\mcpcore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\SmartFTP\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Stardock\sdmcp.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\windows\SYSTEM32\wscntfy.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
g:\program files\Logitech\Video\FxSvr2.exe
g:\program files\OpenOffice.org 2.4\program\soffice.exe
g:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-08 20:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-08 00:56
Pre-Run: 4,098,666,496 bytes free
Post-Run: 4,303,134,720 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
698 --- E O F --- 2009-06-24 03:26
Step # 1: Run CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
KILLALL::
Driver::
musbehco
File::
c:\docume~1\CYRILT~1\LOCALS~1\Temp\musbehco.sys
c:\windows\system32\drivers\gasfkyvygjkrom.sys
Folder::
c:\documents and settings\Cyril Tircuit\Application Data\Shareaza
c:\program files\Kazaa Lite Revolution
c:\program files\eMule
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gasfkymlvwpsoa]
DDS::
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Note: This CFScript is for use on ctircuit's computer only! Do not use it on your computer.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
In your next post/reply, I need to see the following:
1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.
ctircuit
2009-10-09, 07:43
As requested...
ComboFix 09-10-06.04 - Cyril Tircuit 10/09/2009 0:21.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1751 [GMT -4:00]
Running from: c:\documents and settings\Cyril Tircuit\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Cyril Tircuit\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
* Created a new restore point
FILE ::
"c:\docume~1\CYRILT~1\LOCALS~1\Temp\musbehco.sys"
"c:\windows\system32\drivers\gasfkyvygjkrom.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Cyril Tircuit\Application Data\Shareaza
c:\documents and settings\Cyril Tircuit\Application Data\Shareaza\Torrents\ACID LOOPS 3.torrent
c:\documents and settings\Cyril Tircuit\Application Data\Shareaza\Torrents\IFM 21-30.torrent
c:\documents and settings\Cyril Tircuit\Application Data\Shareaza\Torrents\zidane.zip.torrent
c:\program files\eMule
c:\program files\eMule\config\clients.met
c:\program files\eMule\config\emfriends.met
c:\program files\eMule\config\known.met
c:\program files\eMule\config\preferences.ini
c:\program files\eMule\config\server_met.old
c:\program files\eMule\downloads.txt
c:\program files\eMule\Template.eMuleSkin.ini
c:\program files\Kazaa Lite Revolution
c:\program files\Kazaa Lite Revolution\klextlock.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_gasfkymlvwpsoa
-------\Legacy_MUSBEHCO
-------\Service_musbehco
((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.
2009-10-08 01:55 . 2009-10-08 01:56 -------- d-----w- c:\documents and settings\Cyril Tircuit\Application Data\PCToolsFirewallPlus
2009-10-08 01:49 . 2009-09-23 19:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-08 01:49 . 2009-09-16 18:19 87656 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-08 01:49 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-08 01:49 . 2009-10-08 01:49 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-08 01:49 . 2009-09-16 12:39 70280 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-10-08 01:49 . 2009-08-14 16:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-10-08 01:49 . 2009-07-29 13:54 46592 ----a-w- c:\windows\system32\drivers\pctNdis.sys
2009-10-08 01:49 . 2009-09-08 16:48 115088 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2009-10-07 12:15 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-07 12:15 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-07 12:15 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-10-07 12:15 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-10-07 12:15 . 2009-10-07 12:15 -------- d-----w- c:\program files\Avira
2009-10-07 12:15 . 2009-10-07 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-10-04 06:52 . 2009-10-04 06:52 -------- d-----w- c:\program files\ERUNT
2009-10-04 05:25 . 2009-10-04 05:27 -------- d-----w- c:\program files\SpywareBlaster
2009-10-04 04:09 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-04 04:08 . 2009-10-04 04:08 -------- d-----w- c:\program files\Windows Defender
2009-09-21 05:45 . 2009-09-21 05:45 -------- d-----w- c:\documents and settings\Cyril Tircuit\.Gamut
2009-09-21 05:45 . 2009-09-21 05:45 -------- d-----w- c:\program files\Volity Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-09 04:58 . 2004-02-07 05:21 8529 --sha-w- c:\windows\system32\mmf.sys
2009-10-09 04:19 . 2006-06-01 02:09 -------- d-----w- c:\program files\LogMeIn
2009-10-09 04:02 . 2004-12-21 06:14 -------- d-----w- c:\program files\mIRC
2009-10-08 01:59 . 2007-02-04 01:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-08 01:57 . 2008-04-27 02:43 -------- d-----w- c:\documents and settings\Cyril Tircuit\Application Data\OpenOffice.org2
2009-10-04 00:11 . 2004-01-28 13:21 -------- d-----w- c:\program files\Java
2009-10-02 23:04 . 2004-02-06 02:01 -------- d-----w- c:\program files\Trillian
2009-10-01 19:10 . 2007-05-30 01:00 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 19:10 . 2006-06-01 02:09 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 19:10 . 2006-06-01 02:09 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-28 05:30 . 2005-07-12 02:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-18 06:06 . 2009-07-01 00:58 -------- d-----w- c:\program files\Process Lasso
2009-09-17 04:02 . 2005-07-12 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-16 06:20 . 2009-10-08 01:49 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 05:12 . 2009-10-08 01:49 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 05:01 . 2009-10-08 01:49 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-10 18:54 . 2008-08-02 03:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-08-02 03:09 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 19:10 . 2006-05-25 20:01 11552 ----a-w- c:\windows\system32\LMImirr2.dll
2009-09-07 19:10 . 2006-05-25 20:01 25248 ----a-w- c:\windows\system32\LMImirr.dll
2009-09-02 03:11 . 2004-07-19 01:53 -------- d-----w- c:\program files\PokerStars
2009-09-01 02:21 . 2004-01-28 13:52 111848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 02:20 . 2009-09-01 02:20 -------- d-----w- c:\program files\MSECache
2009-08-27 23:54 . 2008-08-09 06:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-23 21:48 . 2004-08-03 01:56 -------- d-----w- c:\program files\Full Tilt Poker
2009-08-22 02:44 . 2009-08-22 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-08-19 03:42 . 2009-08-19 03:36 -------- d-----w- c:\program files\clrmamepro
2009-08-16 00:04 . 2009-08-16 00:04 -------- d-----w- c:\program files\Microsoft Corporation
2009-08-06 23:24 . 2004-08-03 19:02 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-03 18:59 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-03 18:59 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2002-08-29 11:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2002-08-29 11:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-03 19:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-08-30 17:34 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 08:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2002-08-29 11:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-07-25 09:23 . 2009-02-14 09:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-02-27 22:20 . 2008-02-27 22:20 0 ----a-w- c:\program files\temp01
2004-03-11 18:27 . 2006-11-11 05:54 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 22:42 . 2008-08-16 22:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 22:42 . 2008-08-16 22:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2007-08-03 03:26 . 2007-08-03 03:26 8 --sh--r- c:\windows\SYSTEM32\594137F75B.sys
2005-02-16 06:12 . 2005-02-08 02:32 56 --sh--r- c:\windows\SYSTEM32\5BF7374159.sys
2006-05-03 09:06 . 2007-08-12 22:44 163328 --sh--r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 10:47 . 2009-01-26 04:36 31232 --sh--r- c:\windows\SYSTEM32\msfDX.dll
2008-03-16 12:30 . 2009-01-26 04:36 216064 --sh--r- c:\windows\SYSTEM32\nbDX.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-08_00.15.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-09 04:58 . 2009-10-09 04:58 16384 c:\windows\temp\Perflib_Perfdata_548.dat
+ 2009-10-09 04:58 . 2009-10-09 04:58 16384 c:\windows\temp\Perflib_Perfdata_154.dat
+ 2009-10-08 01:56 . 2009-10-08 01:56 532992 c:\windows\Installer\4b6ee.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 68856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-04 700416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-09-19 406016]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="g:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="g:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-05 267064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Adobe Photo Downloader"="g:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ProcessGovernor"="c:\program files\Process Lasso\processgovernor.exe" [2009-09-17 167952]
"Malwarebytes Anti-Malware (reboot)"="g:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"00PCTFW"="g:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-09-24 2971608]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Cyril Tircuit\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-7-17 49152]
OpenOffice.org 2.4.lnk - g:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-6-7 553021]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 19:10 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Cyril Tircuit^Start Menu^Programs^Startup^Freenet.lnk]
path=c:\documents and settings\Cyril Tircuit\Start Menu\Programs\Startup\Freenet.lnk
backup=c:\windows\pss\Freenet.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FAH@C:+Folding@Home+FAH502-Console.exe"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"g:\\HM3\\hm3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"g:\\Program Files\\NETAMIN\\UBO_2007\\game\\ubo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"g:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"g:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"g:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\worldwide soccer manager 2009\\wsm.exe"=
"g:\\Program Files\\Cyanide\\Blood Bowl\\BB.exe"=
"g:\\Program Files\\Cyanide\\Blood Bowl\\Autorun\\Exe\\Autorun.exe"=
R1 Odptdi;Odptdi;c:\windows\SYSTEM32\DRIVERS\odptdi.sys [8/4/2009 8:56 PM 46744]
R1 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [10/7/2009 9:49 PM 229304]
R1 UserPort;UserPort;c:\windows\SYSTEM32\DRIVERS\UserPort.sys [1/17/2005 2:04 AM 4256]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/7/2009 8:15 AM 108289]
R2 FlipShare Service;FlipShare Service;c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe [11/13/2008 1:17 PM 439616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/29/2007 8:59 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [5/29/2007 9:00 PM 47640]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\SYSTEM32\DRIVERS\PCTAppEvent.sys [10/7/2009 9:49 PM 87656]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\PostgreSQL\8.2\bin\pg_ctl.exe [9/17/2007 9:09 AM 79948]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [5/2/2007 2:12 PM 865280]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\SYSTEM32\DRIVERS\pctNdis-DNS.sys [10/7/2009 9:49 PM 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\SYSTEM32\DRIVERS\pctNdis-PacketFilter.sys [10/7/2009 9:49 PM 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\SYSTEM32\DRIVERS\pctNdis.sys [10/7/2009 9:49 PM 46592]
R3 pctplfw;pctplfw;c:\windows\SYSTEM32\DRIVERS\pctplfw.sys [10/7/2009 9:49 PM 115088]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\SYSTEM32\DRIVERS\BT848.sys [2/10/2005 12:08 AM 371349]
S2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\SYSTEM32\DRIVERS\bt878.sys [2/8/2005 9:03 PM 23552]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2/7/2004 1:21 AM 2560]
S3 Alpham;Ideazon ZBoard Composite Keyboard Driver;c:\windows\SYSTEM32\DRIVERS\Alpham.sys [3/12/2006 2:11 PM 37248]
S3 radpms;Driver for RADPMS Device;c:\windows\SYSTEM32\DRIVERS\radpms.sys [5/25/2006 4:01 PM 12192]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\SYSTEM32\DRIVERS\xbreader.sys [3/13/2004 9:00 PM 19677]
S4 FAH@C:+Folding@Home+FAH502-Console.exe;FAH@C:+Folding@Home+FAH502-Console.exe;c:\folding@home\FAH502-Console.exe -svcstart --> c:\folding@home\FAH502-Console.exe -svcstart [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\CChat25.inf,PerUserAdd.NT
.
Contents of the 'Scheduled Tasks' folder
2009-10-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-10-09 c:\windows\Tasks\User_Feed_Synchronization-{26F4A45D-D1E1-4F4A-8D03-D6AE36C71F0E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Semagic - c:\program files\Semagic\link.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubMPP\MPPoker.exe
DPF: ActiveGS.cab - hxxp://www.virtualapple.com/activegs.cab
DPF: {0F42F280-2D6E-4B19-95A9-18D8DADB9309} - hxxp://www.betfred.com/company/gamessections/common/betfredlauncher.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwga.ops.placeware.com/etc/place/GOLF/SCGpws-a1/5.1.2.150/lib/quicksilver.cab
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://eq2beta.station.sony.com/friends_and_family_reg/soesysinfo.cab
DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - hxxp://ds1.downloadtech.net/cn1060/pcpowerscan.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.130.69/DGTx.CAB
FF - ProfilePath - c:\documents and settings\Cyril Tircuit\Application Data\Mozilla\Firefox\Profiles\gm8lftz4.default\
FF - plugin: c:\documents and settings\Cyril Tircuit\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Cyril Tircuit\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npdrmv2.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npdsplay.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava11.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava12.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava13.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava14.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJava32.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPJPI142_05.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Opera7\Program\Plugins\NPOJI610.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\nppl3260.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera7\Program\Plugins\npwthost.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLC\npvlc.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: g:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: g:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: g:\program files\Opera\program\plugins\NPSWF32.dll
FF - plugin: g:\program files\Opera\program\plugins\npwmsdrm.dll
.
- - - - ORPHANS REMOVED - - - -
AddRemove-MLB.com - g:\program files\MLB.com
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-09 00:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
"ServiceDll"="c:\windows\System32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+Folding@Home+FAH502-Console.exe]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1238369667-1849383070-2841337673-1008\Software\Cryptic\KRCOH]
@Denied: (2) (Everyone)
"Locale"=dword:00000000
"accountName"=""
"gamma"="1.000000"
"fxSoundVolume"="1.000000"
"musicSoundVolume"="0.600000"
"dontSaveName"="0"
"reverseMouseButtons"="0"
"screenX"="1024"
"screenY"="768"
"refreshRate"="60"
"screenX_pos"="0"
"screenY_pos"="0"
"maximized"="0"
"fullScreen"="1"
"mipLevel"="0"
"characterMipLevel"="0"
"texLodBias"="2"
"texAniso"="4"
"worldDetailLevel"="1.000000"
"entityDetailLevel"="1.000000"
"shadowsOn"="1"
"physicsOn"="1"
"maxParticles"="50000"
"maxParticleFill"="10.000000"
"suppressFx"="0"
"forceSoftwareAudio"="0"
"enableVBOs"="1"
"enableJoystick"="1"
"enable3DSound"="0"
"renderScaleX"="1.000000"
"renderScaleY"="1.000000"
"useRenderScale"="0"
"shaderDetail"="3"
"useWater"="2"
"useBloom"="1"
"bloomMagnitude"="1.000000"
"useDOF"="1"
"dofMagnitude"="1.000000"
"antiAliasing"="1"
"useLightmaps"="0"
"useVSync"="1"
[HKEY_USERS\S-1-5-21-1238369667-1849383070-2841337673-1008\Software\SecuROM\License information*]
"datasecu"=hex:ef,41,df,7b,03,50,16,1c,7a,02,df,89,16,de,5e,17,a6,98,c1,3e,b3,
0b,db,36,9f,a6,70,bb,dc,c7,a3,86,45,a6,29,53,6a,83,fe,14,b1,8f,75,cb,c5,21,\
"rkeysecu"=hex:a7,a5,49,b3,e2,c0,d3,c3,ed,2f,12,9e,cf,70,df,cf
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-039f-a077-606cfd62c15f}\InprocServer32*]
"Class"=hex:10,57,5f,9b,2a,4f,31,34,01,c9,51,03,7b,ff,f4,5e,01,cd,40,a1,7f,66,
50,4e,48,24,0f,41,ac,fd,0b,9c,9d,6c,8f,4c,42,01,91,52,9d,37,db,6d,58,91,5b,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-049c-680c-a1f0fd62c15f}\InprocServer32*]
"Class"=hex:cf,e3,f3,ae,21,89,17,86,d0,f6,09,2c,5a,07,c7,50,96,74,3e,67,ea,36,
89,ee,b4,f3,d5,20,95,7b,5d,a9,24,3c,be,ee,0f,aa,79,bd,d6,b1,05,b5,21,15,da,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-301b-0128-dd11fd62c15f}\InprocServer32*]
"Class"=hex:ad,22,6d,bc,1d,5a,38,f9,68,06,65,52,18,77,3f,0e,b9,8a,2e,63,e4,d1,
b3,35,3a,9e,c6,9d,33,68,a4,34,88,d8,d1,99,07,b7,bc,17,96,32,4a,34,28,25,ae,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-33c3-1ca4-3deefd62c15f}\InprocServer32*]
"Class"=hex:28,20,52,ff,22,b5,4c,3c,10,f7,05,56,a3,d4,5f,74,1b,00,f0,32,d1,2c,
70,8b,2a,02,f2,c0,e7,de,a6,12,30,21,06,9b,c1,04,0c,ee,ba,ea,a5,96,0e,45,68,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-761c-f7b0-5884fd62c15f}\InprocServer32*]
"Class"=hex:f2,e2,24,cf,9c,1d,8c,6a,ff,de,8d,08,41,74,77,b4,6f,c8,20,96,a7,2c,
fc,1e,a2,b7,f1,3b,c1,e4,43,05,4e,eb,3b,b9,13,2a,e8,e7,fd,ef,6a,03,87,3b,1d,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-82d7-1dea-6b6bfd62c15f}\InprocServer32*]
"Class"=hex:1d,b7,fd,b1,b1,0f,2a,04,54,7a,0d,c5,24,e9,b8,fa,bb,a6,df,c1,e6,f2,
c9,cb,c0,00,33,b7,ff,f7,a3,bc,b5,4c,23,2a,5c,20,32,81,72,e3,25,12,ad,b6,73,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{C09C5BC9-8988-f770-1484-e2c6fd62c15f}\InprocServer32*]
"Class"=hex:fe,d6,38,26,3a,40,0b,1c,5b,ec,10,39,35,ea,6d,12,3d,82,da,e6,ed,f3,
61,db,e1,f2,36,ee,7a,8b,12,c5,5b,54,e8,67,27,2e,cc,8f,26,a1,35,a4,a3,ad,4a,\
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\System32\\OLE32.DLL"
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2]
"1"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,41,89,c7,a7,5f,90,bb,
a2
"2"=hex:05,42,30,42,a7,15,e9,31,44,4c,e8,ce,26,93,4c,ff,dc,fd,7a,28,38,0d,79,
b8
"3"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,38,a8,bc,ca,16,d6,08,
eb,9c,8b,9c,0d,35,8b,99,e4,25,24,80,ac,1f,d3,6a,72
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2\AAEBAA674720777F98D3CB19E52B3725]
"1"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,
f6,85,c6,80,d5,b6,ed,0d,87
"2"=hex:56,f3,50,11,98,55,25,42
"3"=hex:0d,02,76,9b,d0,ee,7a,d3,ec,6b,a6,1d,7a,1f,8d,07,fe,32,11,dc,79,68,8d,
5b,66,56,e4,9b,4b,d6,4f,33,2c,3e,8e,1e,42,bb,12,fa,54,b5,55,93,6a,6f,46,57,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,
f6,2e,2b,e0,1b,c2,9e,49,42,53,a9,a5,ab,d9,82,65,c7,aa,4b,84,16,df,84,04,20,\
"7"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,
f6,d6,93,62,58,16,ac,98,9d,fb,96,15,df,14,58,40,fd,da,1c,0b,31,a3,58,f4,6f,\
"8"=hex:f9,32,08,f3,11,ba,69,2e,90,81,3d,5b,21,25,fe,af,cb,e2,64,81,6f,cd,a6,
70,45,64,af,dc,d8,f4,5f,c0,7f,03,ab,9d,a6,c3,b0,a1,a2,0c,b2,a5,25,03,56,1a,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:28,cc,6f,ca,d3,24,24,b2,9e,e2,37,98,4f,a9,84,a6,86,48,1c,60,46,9a,34,
b4,51,56,9a,12,77,c6,2c,3b,cf,99,75,9e,69,b0,cc,68,d1,c0,59,51,56,3c,31,1b,\
"13"=hex:50,98,b2,c6,de,26,ec,fe,67,97,32,86,b4,a3,0e,1f,29,55,8c,ab,a6,3c,04,
91
"14"=hex:83,34,31,f7,8e,d5,03,43,c8,8e,e9,f6,fc,e8,bb,e7,f8,34,65,93,0a,d3,2c,
14
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:c5,b2,2a,7e,21,51,0e,5f,4f,ea,e5,70,4c,a5,a8,f2
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:51,aa,d6,fe,52,dd,6e,df,a6,c0,71,8c,27,ef,be,b7,de,dc,78,c4,3a,cd,ce,
df,e7,42,98,b4,02,1b,e5,d4,e6,ac,ec,fd,91,d6,1b,b5,b9,45,7a,e4,79,a2,5d,89,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847]
"1"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,86,2b,9b,9b,f3,96,a9,
e9
"2"=hex:05,83,26,a9,dc,b6,17,45,de,2e,f0,41,a5,95,91,56,fe,07,ca,23,63,6c,c8,
df,a0,cb,29,a7,07,62,23,54
"3"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,39,39,6a,6e,1d,99,29,
0e,9a,9e,61,33,16,37,68,38,ee,25,f6,f1,91,9f,21,a9,58,ec,19,f6,96,30,78,09
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\6356076A6F83BB1BBBE6B14F244E53BE]
"1"=hex:7e,63,ed,e4,ff,c6,da,b0,00,85,ab,7b,99,1c,f6,df,8b,3c,15,1f,e9,72,d8,
8c
"2"=hex:c2,16,dc,3c,cc,7d,65,bf
"3"=hex:ab,e5,08,bd,60,22,08,42,fc,d6,93,9b,b9,63,46,91,c5,ed,cd,49,4d,c9,72,
5d,11,88,48,8b,19,9e,cf,69,3f,2a,e7,8d,44,15,c4,6f,d2,30,f8,d6,0e,f7,57,9e,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,5c,6c,8a,b0,95,8d,88,
02,e9,37,15,54,28,a1,4d,91,f4,19,4f,4b,df,bd,95,c2,74,9c,18,d8,b7,e1,e6,9e,\
"8"=hex:63,9c,d5,b1,a8,6b,cf,d2,d0,af,ae,cf,af,57,79,a8,d3,76,5b,34,3d,40,9a,
54,9a,76,54,55,01,9d,ce,91,e4,a3,8b,fe,21,cb,ac,63
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:55,0c,d6,b4,90,c5,27,45
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\71592AD0C035DEE1BE6646B535DAE2B3]
"1"=hex:ac,12,b3,27,1a,54,0c,b8,d6,4e,43,57,d3,a1,8a,e4,a1,b4,b6,b4,d3,e1,31,
61
"2"=hex:cd,ac,64,a5,44,89,7f,95
"3"=hex:c5,91,ff,1b,f4,e0,15,00,e2,f3,ad,c4,1c,bc,c8,85,84,c2,95,3b,e2,df,64,
53,73,54,72,65,d0,eb,8b,55,76,ca,3f,ce,33,05,ba,37,bb,3f,92,7f,fd,15,8b,51,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:ac,12,b3,27,1a,54,0c,b8,d6,4e,43,57,d3,a1,8a,e4,fe,fd,41,69,58,8d,dc,
1f,4f,f1,d7,c6,79,44,4b,fd,01,2b,4a,ce,59,d1,8f,e9,a3,00,1c,0b,1c,9e,05,d7,\
"7"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,5c,6c,8a,b0,95,8d,88,
02,5c,f2,b7,9f,8e,b8,9a,b3,1a,00,68,de,e7,74,fc,3a,28,4e,42,29,c5,0b,c6,18,\
"8"=hex:3a,0c,22,0f,83,09,d5,8f,b3,cc,8a,ae,a8,9d,35,4a,32,36,89,96,90,a2,36,
77,8b,1e,3b,69,a7,85,8c,2c,27,d8,d6,60,22,d7,cd,56
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:33,14,9d,5d,aa,fb,2f,b7,8b,74,1e,91,47,35,5e,f4,12,4a,4f,f1,7f,c4,08,
54,5f,53,d7,cb,90,13,56,f0,02,5f,54,7c,59,ee,38,51,36,70,77,f7,f2,be,10,4b,\
"13"=hex:00,6a,5e,c7,d3,94,88,4b,58,1a,d0,96,7b,5f,3a,6c,a0,ed,f1,9d,70,63,aa,
42
"14"=hex:74,0c,73,ed,fd,4b,bf,31
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:1b,b7,20,bc,ab,01,8f,59,dc,c1,22,eb,b0,32,fb,8c
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:7a,f7,7a,b0,a1,77,da,c4,e5,cb,d7,0d,17,a2,dc,f2,e7,f5,54,c1,a9,e0,9b,
e0,c1,68,e3,89,a4,a9,10,67,b3,e0,87,0a,6e,19,17,e0,1e,af,db,fc,48,3f,f6,d2,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \501529F2142DBB50]
"1"=hex:55,71,d5,88,d4,e8,c4,23,86,c5,84,77,3a,01,80,8c
"2"=hex:e7,27,cf,42,f4,44,fe,c6,7c,92,71,43,d3,fc,2b,88,fa,d9,fe,5d,52,9c,ef,
9a,2a,6d,72,a6,74,ac,7c,c2
"3"=hex:55,71,d5,88,d4,e8,c4,23,fd,b6,60,5b,fa,86,28,a7,15,7e,26,7e,15,53,b1,
53,45,c5,e4,e2,cb,6f,56,41,9f,13,40,18,4a,19,41,af,82,2c,15,9b,68,3b,4e,c0
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \501529F2142DBB50\A9E17DC1A54D1D28BB40F338A2C6273E]
"1"=hex:80,21,ee,d1,6b,60,09,6f,f8,87,24,43,64,25,4c,aa,b2,18,c8,df,6b,eb,72,
a3,0a,b2,c0,1f,52,da,0b,fb
"2"=hex:81,20,8f,ab,28,6a,52,9c
"3"=hex:40,5d,fd,fc,c0,d1,f7,10,50,15,2f,20,c4,8c,cc,b2,73,6e,71,1a,3e,05,f7,
2d,d4,28,7b,2f,77,8d,f8,bb,b7,a2,9f,3f,18,3b,eb,5d,ca,73,a3,b9,36,dd,54,5a,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:80,21,ee,d1,6b,60,09,6f,f8,87,24,43,64,25,4c,aa,b2,18,c8,df,6b,eb,72,
a3,c2,b5,a5,be,18,5e,8d,12,a5,96,30,c8,e8,9b,a0,07,34,11,26,76,4a,05,43,f8,\
"7"=hex:80,21,ee,d1,6b,60,09,6f,f8,87,24,43,64,25,4c,aa,b2,18,c8,df,6b,eb,72,
a3,0a,b2,c0,1f,52,da,0b,fb
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,65,47,71,48,e9,1d,9d,
ae,8d,a8,42,08,32,10,f7,67,cf,df,52,86,31,35,e0,07,c7,f4,11,f0,ed,74,e2,7b,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:26,d0,b3,36,9b,35,dc,68,46,d9,8a,21,4c,75,19,3b,b7,ca,f2,3d,95,b5,c3,
41,04,c5,49,6c,d3,74,3c,0d,4c,2e,7b,ba,a8,f1,bb,0a,97,e9,2b,e1,77,3b,af,a4,\
"13"=hex:43,6b,c5,09,e9,29,f1,ab,31,04,2d,2b,c7,d2,c2,5f,e2,7a,1c,e1,1b,df,42,
e1
"14"=hex:a6,c1,97,cd,4d,ca,f1,2d
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:c8,e3,a2,8e,3c,35,5e,f7,b0,3a,94,18,f4,45,54,ee
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:e1,1e,b0,ec,2c,11,cc,6b,b5,5d,8d,ba,f5,91,5e,85,bb,15,38,b0,b1,1a,ae,
31,4c,1c,5e,a5,e4,03,d6,ca,99,3d,aa,cd,be,a3,e5,fe,32,c0,1c,14,11,e5,c0,95,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
"1"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,04,7d,73,7b,41,5e,94,
fd
"2"=hex:f1,df,16,de,80,08,0e,2a,78,a4,28,cb,d2,56,ff,58,ba,e9,e0,76,1f,5b,ab,
75
"3"=hex:b0,cd,e0,26,42,20,9e,7c,08,f1,c1,23,e7,41,66,ec,2b,92,4b,0d,22,14,9d,
cb,e3,f8,73,90,7d,a4,36,0d,f2,c9,99,66,1f,10,89,7d,ec,36,ce,6f,e7,65,ad,a4
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\48236A7EED3B8895E98434D6DCE253AC]
"1"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,d5,a9,6f,e0,2c,05,4e,14
"2"=hex:f9,cc,02,85,fe,b7,d2,a9
"3"=hex:13,41,9d,1a,4a,97,3e,5b,87,84,71,d7,9a,3c,fb,b9,dc,f1,d0,70,1e,33,8d,
21,0f,37,c2,ba,05,7e,59,ce,d3,88,29,e2,0a,12,ec,c3,eb,78,e2,c4,e9,b4,f0,71,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:08,26,de,b9,bd,1e,cc,2a,55,96,fd,b8,7e,1b,23,82,71,bb,5a,5f,e0,12,25,
42,0c,3f,30,d4,d3,b8,cd,35,26,25,3f,70,a0,18,4f,08,87,1d,bb,69,7c,1b,12,24
"8"=hex:f9,32,08,f3,11,ba,69,2e,90,81,3d,5b,21,25,fe,af,42,9b,b5,eb,ed,1b,ad,
a2,4e,bd,f0,68,6a,99,17,97,a0,d4,d2,c2,fa,56,45,3d,d9,ae,ec,94,45,b1,f1,7a,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:dd,1b,56,16,83,6b,de,2b
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,36,d7,56,53,fe,9f,3d,f9
"2"=hex:8c,23,2d,03,75,bd,a0,cd
"3"=hex:07,43,bb,b0,dd,99,83,f4,0e,48,8f,ee,4f,a4,8a,34,38,0c,2c,bf,e4,ba,be,
eb,0e,4e,4a,bf,15,e5,d0,11,48,ab,92,47,65,bb,7a,7e,de,5f,40,1a,3e,04,6e,32,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,9f,f9,03,77,68,81,1b,0c,34,a2,88,30,12,be,09,a0
"8"=hex:f9,32,08,f3,11,ba,69,2e,90,81,3d,5b,21,25,fe,af,42,9b,b5,eb,ed,1b,ad,
a2,4e,bd,f0,68,6a,99,17,97,d7,dd,16,b3,37,5b,c3,9d,6d,a3,82,63,d8,5e,fd,15,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:07,96,b3,35,9e,5a,1a,0b
"11"=hex:7d,ba,74,77,fe,09,92,36
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\F347AA9A592B216D597E028785020CD4]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,0d,ef,4b,fc,af,c2,2e,ad
"2"=hex:04,29,6a,69,56,d3,ea,41,db,c1,1a,08,f4,34,4d,ff
"3"=hex:04,ba,b3,ef,bf,3e,9a,1b,a1,28,fb,76,22,be,69,05,c6,a2,3c,5b,db,09,79,
f9,8b,50,4a,66,8e,58,15,2d,8a,f9,87,8a,ed,6f,86,36,aa,24,91,fe,18,78,65,3c,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,46,88,2f,82,3b,10,0c,a3,06,e2,b9,2d,01,08,b4,c2,45,19,67,50,8b,89,d1,c8,\
"7"=hex:6b,96,68,24,0f,2f,9e,94,e8,ce,54,f3,3b,80,63,3a,1b,c3,e7,ed,44,3a,1d,
97,49,3e,e5,49,ef,df,ad,a2
"8"=hex:f9,32,08,f3,11,ba,69,2e,90,81,3d,5b,21,25,fe,af,42,9b,b5,eb,ed,1b,ad,
a2,4e,bd,f0,68,6a,99,17,97,d7,dd,16,b3,37,5b,c3,9d,6d,a3,82,63,d8,5e,fd,15,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:41,db,06,14,03,38,a9,21,3a,5b,6e,c2,31,07,2a,ca,f6,9b,f9,9d,ed,a5,cd,
71,d7,f3,b9,82,de,2c,5c,eb,e7,30,3d,3b,91,f5,e5,22,34,26,1f,d8,8e,56,13,b9,\
"13"=hex:18,34,4b,f2,86,3b,d1,a4,25,61,ce,ef,e8,08,d4,f7,54,1b,c5,95,f2,4a,12,
a2
"14"=hex:bd,67,9b,ef,47,fb,15,8c,ba,a8,71,3f,47,d1,f1,06
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:4d,41,c1,c1,78,a9,ed,bf,73,80,ed,ca,df,61,89,82
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:99,66,a4,70,6b,eb,37,c3,ff,a4,92,a5,f7,86,b5,90,16,bd,95,e3,2d,62,c2,
ca,2a,cc,39,67,d4,fa,58,df,4d,f0,9d,65,92,dd,77,60,4c,4f,a4,56,54,d3,44,80,\
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
c2
"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
76,64,10,04,f0,92,77,f9,20
"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\DBF31101A5C3B93315CBBEA90ED13257]
"1"=hex:05,63,4e,ca,af,1d,39,e0,e8,3b,06,bc,35,26,5b,04,02,70,fd,49,72,ea,3f,
0d,c1,ed,7b,62,a7,87,bb,89
"2"=hex:14,ce,87,8d,79,74,ee,b2
"3"=hex:d8,0d,82,df,19,ff,ed,39,58,12,9e,3d,63,1e,61,77,be,f0,26,a2,65,16,11,
42,93,a5,cc,a7,54,19,09,8f,13,bf,30,4b,eb,2c,2f,41,0b,5f,4d,6e,ba,89,94,6f,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:05,63,4e,ca,af,1d,39,e0,e8,3b,06,bc,35,26,5b,04,02,70,fd,49,72,ea,3f,
0d,81,f9,b8,67,b0,fb,0a,0f,84,cd,37,ae,8a,a5,20,73,2d,2d,dc,36,8a,f5,37,12,\
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:63,9c,d5,b1,a8,6b,cf,d2,78,23,e8,cc,c3,11,62,0f,34,b6,74,7e,19,05,6b,
97,61,a0,36,c1,7f,b9,95,54,69,c6,42,51,04,f7,87,fa
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:d3,c9,69,c2,6c,89,68,55,99,cf,cd,97,c8,ef,31,a4,a4,bf,f0,0c,b1,cc,15,
31,64,ce,16,6b,69,70,80,58,df,f9,3e,3e,b2,c0,07,a4,60,19,f0,be,5e,70,29,93,\
"13"=hex:a4,12,c4,cb,3f,15,c3,87,56,63,59,4a,87,9d,ef,83,e8,f5,e5,6a,56,30,4c,
d2
"14"=hex:79,6a,b1,0b,fb,82,9f,17
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:56,01,d5,04,e6,63,a1,1f,8e,e9,f7,5b,c8,ee,b8,a8
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:39,f3,1e,8e,d0,bd,f5,1c,70,ff,71,4b,08,0a,86,19,7e,d3,5a,84,82,74,fd,
51,1d,5c,94,52,6e,db,04,e2,f9,62,89,e0,b1,f2,64,86,0c,c6,00,e4,3f,54,ef,24,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\program files\Common Files\Stardock\mcpstub.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(1024)
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(3484)
c:\program files\Common Files\Stardock\mcpcore.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\SmartFTP\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Stardock\sdmcp.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
g:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\program files\PostgreSQL\8.2\bin\postgres.exe
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
g:\program files\Logitech\Video\FxSvr2.exe
g:\program files\OpenOffice.org 2.4\program\soffice.exe
g:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-10-09 1:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 05:35
ComboFix2.txt 2009-10-08 00:57
Pre-Run: 4,220,919,808 bytes free
Post-Run: 4,207,337,472 bytes free
693 --- E O F --- 2009-06-24 03:26
ctircuit
2009-10-09, 07:47
DDS (Ver_09-09-29.01) - NTFSx86
Run by Cyril Tircuit at 1:40:09.95 on Fri 10/09/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1881 [GMT -4:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
g:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
G:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
G:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
G:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
g:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
G:\Program Files\OpenOffice.org 2.4\program\soffice.exe
G:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Cyril Tircuit\Desktop\dds.scr
============== Pseudo HJT Report ===============
mWindow Title = Microsoft Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} -
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe
mRun: [Windows Media Connect 2] "c:\program files\windows media connect 2\WMCCFG.exe" /StartQuiet
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] g:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] g:\program files\logitech\video\LogiTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Adobe Photo Downloader] "g:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "g:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "g:\program files\pc tools firewall plus\FirewallGUI.exe" -s
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\cyrilt~1\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\docume~1\cyrilt~1\startm~1\programs\startup\openof~1.lnk - g:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: <NO NAME> =
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepoker\EmpirePoker.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubmpp\MPPoker.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - g:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} c:\program files\partygaming\partypoker\runapp.exe - c:\program files\partygaming\partypoker\runapp.exe\inprocserver32 does not exist!
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: ActiveGS.cab - hxxp://www.virtualapple.com/activegs.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} - hxxp://www.worldwinner.com/games/v41/mines/mines.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} - hxxp://www.albatross18.com/cabs/A18X.ocx
DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - hxxp://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {0F42F280-2D6E-4B19-95A9-18D8DADB9309} - hxxp://www.betfred.com/company/gamessections/common/betfredlauncher.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwga.ops.placeware.com/etc/place/GOLF/SCGpws-a1/5.1.2.150/lib/quicksilver.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} - hxxp://219.117.194.183:1024/home/SonySncRz30View.cab
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB40} - hxxp://219.106.246.80/home/SonySncZ20View.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094097099602
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125356207484
DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} - hxxp://www.worldwinner.com/games/v44/wordcube/wordcube.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://axis1.cyberbob.ch:91/activex/AxisCamControl.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38019.8350462963
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://eq2beta.station.sony.com/friends_and_family_reg/soesysinfo.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.srtest.com/sysreqlab.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v42/paint/paint.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://gameadvisor.futuremark.com/global/msc37.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} - hxxp://www.worldwinner.com/games/v43/solotriv/solotriv.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - hxxp://ds1.downloadtech.net/cn1060/pcpowerscan.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.130.69/DGTx.CAB
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15028/CTPID.cab
DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\program files\common files\stardock\mcpcore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\cyrilt~1\applic~1\mozilla\firefox\profiles\gm8lftz4.default\
FF - plugin: c:\documents and settings\cyril tircuit\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\cyril tircuit\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\opera7\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera7\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava11.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava12.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava13.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava14.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava32.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJPI142_05.dll
FF - plugin: c:\program files\opera7\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\opera7\program\plugins\NPOJI610.dll
FF - plugin: c:\program files\opera7\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera7\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera7\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera7\program\plugins\npwthost.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: g:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: g:\program files\opera\program\plugins\npdsplay.dll
FF - plugin: g:\program files\opera\program\plugins\NPSWF32.dll
FF - plugin: g:\program files\opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-7 11608]
R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [2009-8-4 46744]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-7 229304]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [2005-1-17 4256]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-7 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-7 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-7 55656]
R2 FlipShare Service;FlipShare Service;c:\program files\pure digital technologies\flipshare\FlipShareService.exe [2008-11-13 439616]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-5-29 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-5-29 47640]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-10-7 87656]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;g:\program files\pc tools firewall plus\FWService.exe [2009-10-7 818432]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\postgresql\8.2\bin\pg_ctl.exe [2007-9-17 79948]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2007-5-2 865280]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-10-7 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-10-7 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-10-7 46592]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-10-7 115088]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2005-2-10 371349]
S2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\system32\drivers\bt878.sys [2005-2-8 23552]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2004-2-7 2560]
S3 Alpham;Ideazon ZBoard Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2006-3-12 37248]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2006-5-25 12192]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2004-3-13 19677]
S4 FAH@C:+Folding@Home+FAH502-Console.exe;FAH@C:+Folding@Home+FAH502-Console.exe;c:\folding@home\fah502-console.exe -svcstart --> c:\folding@home\FAH502-Console.exe -svcstart [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2009-10-07 21:55 <DIR> --d----- c:\docume~1\cyrilt~1\applic~1\PCToolsFirewallPlus
2009-10-07 21:49 207,280 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-07 21:49 87,656 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-07 21:49 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-07 21:49 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2009-10-07 21:49 229,304 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-07 21:49 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2009-10-07 21:49 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-10-07 21:49 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-10-07 21:49 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-10-07 21:49 <DIR> --d----- c:\program files\common files\PC Tools
2009-10-07 21:49 115,088 a------- c:\windows\system32\drivers\pctplfw.sys
2009-10-07 19:13 <DIR> a-dshr-- C:\cmdcons
2009-10-07 19:05 229,888 a------- c:\windows\PEV.exe
2009-10-07 19:05 161,792 a------- c:\windows\SWREG.exe
2009-10-07 19:05 98,816 a------- c:\windows\sed.exe
2009-10-07 08:15 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-10-07 08:15 <DIR> --d----- c:\program files\Avira
2009-10-07 08:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-10-04 01:25 <DIR> --d----- c:\program files\SpywareBlaster
2009-10-04 00:09 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-21 01:45 <DIR> --d----- c:\documents and settings\cyril tircuit\.Gamut
2009-09-21 01:45 <DIR> --d----- c:\program files\Volity Games
==================== Find3M ====================
2009-10-09 00:58 8,529 a--sh--- c:\windows\system32\mmf.sys
2009-10-01 15:10 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 15:10 87,352 a------- c:\windows\system32\LMIinit.dll
2009-10-01 15:10 28,984 a------- c:\windows\system32\LMIport.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-07 15:10 25,248 a------- c:\windows\system32\LMImirr.dll
2009-09-07 15:10 11,552 a------- c:\windows\system32\LMImirr2.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2008-02-27 18:20 0 a------- c:\program files\temp01
2004-03-11 14:27 40,960 a------- c:\program files\Uninstall_CDS.exe
2007-08-02 23:26 8 ---shr-- c:\windows\system32\594137F75B.sys
2005-02-16 02:12 56 ---shr-- c:\windows\system32\5BF7374159.sys
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
============= FINISH: 1:40:43.17 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/2/2004 9:23:09 PM
System Uptime: 10/9/2009 12:57:12 AM (1 hours ago)
Motherboard: Dell Computer Corp. | | 0N2828
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | Microprocessor | 2593/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 3.95 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
G: is FIXED (NTFS) - 75 GiB total, 3.455 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6133
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6133
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
RP2159: 9/20/2009 10:55:43 PM - System Checkpoint
RP2160: 9/20/2009 10:55:44 PM - System Checkpoint
RP2161: 9/20/2009 10:55:44 PM - System Checkpoint
RP2162: 9/20/2009 10:55:44 PM - System Checkpoint
RP2163: 9/20/2009 10:55:45 PM - System Checkpoint
RP2164: 9/20/2009 10:55:45 PM - System Checkpoint
RP2165: 9/20/2009 10:55:45 PM - System Checkpoint
RP2166: 9/20/2009 10:55:46 PM - Installed Aventail OnDemand Proxy Agent
RP2167: 9/20/2009 10:55:47 PM - System Checkpoint
RP2168: 9/20/2009 10:55:47 PM - System Checkpoint
RP2169: 9/20/2009 10:55:48 PM - System Checkpoint
RP2170: 9/20/2009 10:55:49 PM - System Checkpoint
RP2171: 9/20/2009 10:55:51 PM - System Checkpoint
RP2172: 9/20/2009 10:55:53 PM - System Checkpoint
RP2173: 9/20/2009 10:55:54 PM - System Checkpoint
RP2174: 9/20/2009 10:55:55 PM - System Checkpoint
RP2175: 9/20/2009 10:55:56 PM - System Checkpoint
RP2176: 9/20/2009 10:55:56 PM - System Checkpoint
RP2177: 9/20/2009 10:55:57 PM - System Checkpoint
RP2178: 9/20/2009 10:55:58 PM - System Checkpoint
RP2179: 9/20/2009 10:55:59 PM - System Checkpoint
RP2180: 9/20/2009 10:56:01 PM - System Checkpoint
RP2181: 9/20/2009 10:56:01 PM - Software Distribution Service 3.0
RP2182: 9/20/2009 10:56:03 PM - System Checkpoint
RP2183: 9/20/2009 10:56:04 PM - System Checkpoint
RP2184: 9/20/2009 10:56:06 PM - System Checkpoint
RP2185: 9/20/2009 10:56:07 PM - System Checkpoint
RP2186: 9/20/2009 10:56:08 PM - System Checkpoint
RP2187: 9/20/2009 10:56:08 PM - System Checkpoint
RP2188: 9/20/2009 10:56:09 PM - System Checkpoint
RP2189: 9/20/2009 10:56:10 PM - System Checkpoint
RP2190: 9/20/2009 10:56:11 PM - System Checkpoint
RP2191: 9/20/2009 10:56:12 PM - System Checkpoint
RP2192: 9/20/2009 10:56:12 PM - System Checkpoint
RP2193: 9/20/2009 10:56:13 PM - Installed Compatibility Pack for the 2007 Office system
RP2194: 9/20/2009 10:56:14 PM - System Checkpoint
RP2195: 9/20/2009 10:56:15 PM - System Checkpoint
RP2196: 9/20/2009 10:56:16 PM - System Checkpoint
RP2197: 9/20/2009 10:56:17 PM - System Checkpoint
RP2198: 9/20/2009 10:56:18 PM - System Checkpoint
RP2199: 9/20/2009 10:56:20 PM - Printer Driver LogMeIn Printer Driver Installed
RP2200: 9/20/2009 10:56:20 PM - System Checkpoint
RP2201: 9/20/2009 10:56:21 PM - System Checkpoint
RP2202: 9/20/2009 10:56:21 PM - System Checkpoint
RP2203: 9/20/2009 10:56:21 PM - System Checkpoint
RP2204: 9/20/2009 10:56:23 PM - System Checkpoint
RP2205: 9/20/2009 10:56:23 PM - System Checkpoint
RP2206: 9/20/2009 10:56:23 PM - System Checkpoint
RP2207: 9/20/2009 10:56:24 PM - System Checkpoint
RP2208: 9/20/2009 10:56:24 PM - System Checkpoint
RP2209: 9/20/2009 10:56:24 PM - System Checkpoint
RP2210: 9/20/2009 10:56:24 PM - System Checkpoint
RP2211: 9/20/2009 10:56:24 PM - System Checkpoint
RP2212: 10/7/2009 7:30:49 PM - ComboFix created restore point
RP2213: 10/9/2009 12:18:23 AM - ComboFix created restore point
==== Installed Programs ======================
3ivx MPEG-4 5.0.3 (remove only)
Absolute Poker
AcroChallenge 2.85
Action Replay XBOX 1.30
ActionReplay Xbox
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5
AGEIA PhysX v7.05.06
Airport Mania: First Flight
Albatross18 (NtreevSoft)
Ancient Quest of Saqqarah
Any Video Converter 2.6.7
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArGoSoft Mail Server Freeware
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AudibleManager
AusLogics Disk Defrag
Auto Gordian Knot 2.40
AutoUpdate
Aventail Access Manager
Aventail OnDemand Proxy Agent
Aventail OPSWAT End Point Control
Aventail Web Proxy Agent
Aventail Webifiers
Avery DesignPro
Avery® Wizard 2.1 for Microsoft® Office Word 2003
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Azada ™
Banctec Service Agreement
Baseball Mogul 2007
BCM V.92 56K Modem
Best Buy Rhapsody
BeTrapped!
Big Fish Games Client
Big Pinata (remove only)
Bingo Cafe
Blood Bowl 1.0.1.2
Bodog Poker Version 2.2.3.1
Boggle Supreme
Bontago
Bookworm Adventures Deluxe 1.0
Bowl Bound College Football
Bowl Bound College Football Update 1.51
Bowl Bound College Football Update 1.52
Brainiversity (remove only)
Breaking News (remove only)
Brother HL-2070N
Bus Driver 1.0
Business Contact Manager for Outlook 2003
CacheStats
Cake Poker
Camtasia Studio 3
Capture Studio Professional 4.05
Caribbean Pirate Quest
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Spanish
ccc-Branding
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help English
CCC Help French
CCC Help German
CCC Help Spanish
CCleaner (remove only)
Citrix XenApp Web Plugin
cladDVD .NET v3.5.6
clrmamepro
COH Character Creator
Color Up: Wedding Scrapbook
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Cool Edit 96
Corel Paint Shop Pro X
County Fair
Cradle of Rome (remove only)
Crayon Physics Deluxe Demo - release 52
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.41
Curse Client
Cuttermaran 1.62
DD Tournament Poker 1.0
DD Tournament Poker Patch 2
DeepBurner v1.8.0.224
DefilerPak 1.19 (Remove Only)
Defraggler (remove only)
DeliPlayer 2
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
DirectShow Dump
DiscWizard for Windows
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
dotamatic 0.2
Doyles Room Poker
Dr. DivX Trial
DS21Patch
DScaler 4.1.10
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
DVD43 v4.2.0
DVDSentry
DVDx 2.3
EA SPORTS online 2004
Eastside UK pre-game Editor v2007.1.2
Easy CD Ripper 2.25
EasyGPS
EmpirePoker
EQ2MAP Updater 1.0.6
ERUNT 1.1j
Eudora
Europa Universalis III
EVEREST Home Edition v1.10
EverQuest
EverQuest II
EverQuest: Shadows of Luclin
EverQuest: SOV
Excalibur Publishing Limited - 1C\Space Rangers 2
Eyeball Chat 2.2
Fabulous Finds
FairUse Wizard
Fairway Solitaire (remove only)
Family Feud III: Dream Home
FamilyFeudOnlineParty (remove only)
Fast Break College Basketball 2003
FAST Defrag Freeware 2.29 [final]
ffdshow [rev 1723] [2007-12-24]
Flash Renamer 4.62
FlasKMPEG (remove only)
FlipShare
FOF2k7 Utility Suite
Forgotten Riddles - The Mayan Princess (remove only)
Foxit Reader
Freedom Force® vs The 3rd Reich
Front Office Football 2004
Front Office Football 2007
Full Tilt Poker
Fury Race
Future Pinball
Futuremark Measurement Services Client
Gadwin PrintScreen
GameSpy Arcade
GameTime+
Gamut
Garmin Communicator Plugin
Garmin MapSource
Garmin WebUpdater
Geneforge 3
getPlus(R)_ocx
GIMP 2.6.5
GIMPshop .1 beta
Google Earth
Google Gmail Notifier
Governor of Poker
Great Wall of Words (remove only)
GSAK 7.2.2.23 (Final)
GTK+ 2.2.4-20040124 runtime environment
Gunslinger Solitaire
HammerHead Rhythm Station
HandBrake 0.9.3
Hauppauge WinTV-PVR 150 Drivers
Hauppauge WinTV2000
Hell's Kitchen
Hellgate: London
Help and Support Customization
HijackThis 2.0.2
Hold'em Partner
Hollywood Mogul 3
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
HP Software Update
Huffyuv AVI lossless video codec (Remove Only)
Icy Tower v1.3.1
iISystem Wiper 2.3
Image Analyzer
ImageShack QuickLoad
Impulse
In Nomine 3.1
Inspector Parker
Instant Eyedropper 1.75
InstantCopy
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Default Page
InterVideo FilterSDK for Hauppauge
IrfanView (remove only)
iriverter
iTunes
iuVCR
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
King's Bounty. The Legend (Remove Only)
Knytt 1.0.1
Kudos Rock Legend
LADSPA_plugins-win-0.4.15
Letter Lab
Lex Venture: A Crossword Caper
Liong: The Dragon Dance (remove only)
LiteStep
Locomotion
Logitech QuickCam Software
Logitech® Camera Driver
LogMeIn
Lottso! Deluxe (remove only)
Luxor 2 (remove only)
Malwarebytes' Anti-Malware
MapSource - MetroGuide USA
MediaCoder 0.6.1
MediaMonkey 3.0
MemStat XP (remove only)
Merriam Webster's Spell-Jam (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Chat 2.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Interop Forms Redistributable Package 2.0a
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Journal Viewer
mIRC
MIRE 0.12
MLB.com Shuffle (remove only)
Modem Helper
Morpher
Move Media Player
Movies
Mozilla Firefox (3.5.3)
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Multimedia Launcher
Music Wars Rebirth
Music Wars Rebirth Demo
MV2Player (remove only)
MVPSavReader
MWSnap 3
nanoPEG-Editor 2.3 Hauppauge Edition
Napster
Napster 3.5 MP3 Encoder
Napster Burn Engine
Neighbors From Hell: On Vacation
Nero OEM
New Star Grand Prix 1.0
New Star Soccer 3
NHL Eastside Hockey Manager 2005
NHL Eastside Hockey Manager 2007
nLite 1.2.1
Nokia Connectivity Cable Driver
Nokia PC Suite
NSS (remove only)
OmniFormat
Online Hold'em Inspector 2.14
OOTP Baseball 2007
OpenOffice.org 2.4
Opera 9.64
PANDA-glGo
Panda ActiveScan
PartyPoker
PartyPokerNet
PC Connectivity Solution
PC Tools Firewall Plus 6.0
PDF Image Extraction Wizard 2.0
PDF Split Merge Pages
Pdf995
PdfEdit995
Pegasus Imaging's PICVideo 3
Peggle Deluxe (remove only)
Photosmart 140,240,7200,7600,7700,7900 Series
PictoWords
Poker Tracker Omaha Version 1.04.00
Poker Tracker Version 2.03.01
PokerAce Hud (remove only)
PokerEV
PokerGrapher
PokerOffice (remove only)
PokerStars
PokerStove version 1.21
Porrasturvat - Stair Dismount (remove only)
PostgreSQL 8.2
Power Defrag 3.02a
PowerDVD
Prism Video Converter
Process Lasso
Profitville
PS7600
PSShortcutsP
PureSim 2004
PureSim Baseball 2007
Puzzle Pirates
QB Challenge 1.0
QuickTime
QuickTime Alternative 1.69
RCT3 Soaked
Real Alternative 1.29
Real Lives 2004
Real Lives 2007
Retro Records 1.0.1
Revo Uninstaller 1.75
Rhapsody Player Engine
Righteous Kill
RollerCoaster Tycoon® 3
Rooms: The Main Building
Safecracker (remove only)
Safecracker Strategy Guide (remove only)
Saints & Sinners Bowling (remove only)
SandScript
School Tycoon
SciFi Casino
Second And Ten College Version 1.1.6
Second And Ten Version 6.0.9
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Semagic (remove only)
Shape Shifter
ShellExView
Shizmoo Web Games (Uproar)
Shockwave
ShotOnline OpenBeta International
ShowShifter
Shutterfly Express
Sid Meier's Civilization 4
Signature995
Silent Storm
SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE)
SiteSpinner V2
SkillJam SecurePlayer
Skins
Skype 3.1
Skype Plugin Manager
Slingo Quest Hawaii
Slingo Supreme
SmartFTP
SmartMorph
SnG Power Tools v1.19b
SNGEGT
Solecismic FTP
Sonic RecordNow!
Sonic Update Manager
Sony ACID XPress 5.0a
SopCast 1.1.2
Sound Blaster Live!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.2
Stardock Central
Starters Orders 3
Steam
Sudoku
SUPER © Version 2009.bld.36 (June 10, 2009)
Super Wild Wild Words
SuperMegaSpoof 2.0
System Requirements Lab
Tabloid Tycoon
TEW2005
Texas Calculatem 4 with "AutoRead"
The Gaming Club Poker
The Movies (TM) - StarMaker (TM) Demo
The Movies(TM)
The Price is Right
The Sims 2
The Sims 2 Nightlife
The Sims 2 University
The Ultimate Troubleshooter
TightVNC 1.3.9
Titan Quest
Titan Quest Immortal Throne
TiVo Desktop 2.4a
Total College Basketball
Total Pro Basketball 2005
Total Pro Basketball 2005 1.1 Update
Total Pro Basketball 2005 1.4 Update
Total Pro Golf
Total Pro Golf 2
Tower Bloxx Deluxe
Trillian
Tropico 2: Pirate Cove
Truck Dismount (remove only)
TrueMoneyGames 3.5.6
Tunebite 4.1.0.35
Turbo Subs (remove only)
TVersity Codec Pack 1.2
TVersity Media Server 1.5 Beta
TVUPlayer 2.3.7.1
TweetDeck
UBO 2007 Edition
Ulead DVD MovieFactory 3 SE
Ulead GIF Animator 5 TBYB
UltimateBet
UltimateBuddy
Uninstall Startup Inspector for Windows
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Veetle TV Player 0.9.6
VEGA$ Tycoon
Ventrilo Client
Video Man v.3.0 Trial
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
Virtual Earth 3D (Beta)
Virtual U
Virtual VCR
Visual Pinball
vixy converter uninstall
VobSub v2.23 (Remove Only)
WD Diagnostics
Web Album Generator 1.8.2
WebFldrs XP
Wesabe Uploader 1.1.0
WIDCOMM Bluetooth Software
WikiSearch Toolbar
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMorph™ 3.01
WinMX
WinRAR archiver
WinSCP 3.5
WinZip
Within a Deep Forest 1.1.1
WMMA
Word Slinger
WordBiz version 1.8
Wordcraft (remove only)
Words Kingdom (remove only)
Words That Follow
World of Warcraft
Wrecker Ball: Dream
Wrestling Spirit
Xbox Music Mixer PC Tool
XChange 360
XviD MPEG-4 Video Codec
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yohoho! Puzzle Pirates
ZENcast Organizer
Zwei-Stein Video Compositor 3.01 (Beta 2).
==== Event Viewer Messages From Past Week ========
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The TiVo Beacon service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The PostgreSQL Database Server 8.2 service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The PC Tools Firewall Plus service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The MSSQL$MICROSOFTBCM service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/9/2009 12:21:12 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/7/2009 7:29:28 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
10/7/2009 7:19:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/7/2009 7:18:57 PM, error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
10/7/2009 7:18:57 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V5 service terminated unexpectedly. It has done this 1 time(s).
10/7/2009 7:07:31 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/7/2009 7:07:31 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/7/2009 7:07:31 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/2/2009 7:07:37 PM, error: Service Control Manager [7000] - The Hauppauge Streaming Data Capture Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/2/2009 7:07:37 PM, error: Service Control Manager [7000] - The Conexant's BtPCI WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==== End Of File ===========================
Step # 1: Remove Poker programs
From your log I can see you've installed poker programs. A lot of poker programs are infected/can infect you with malware.
I would advise you to go to Add/Remove programs and uninstall the following poker program(s):
Absolute Poker
Bodog Poker Version 2.2.3.1
Cake Poker
DD Tournament Poker 1.0
DD Tournament Poker Patch 2
Doyles Room Poker
EmpirePoker
Full Tilt Poker
Governor of Poker
PartyPoker
PartyPokerNet
Poker
Poker Tracker Omaha Version 1.04.00
Poker Tracker Version 2.03.01
PokerAce Hud (remove only)
PokerEV
PokerGrapher
PokerOffice (remove only)
PokerStove version 1.21
The Gaming Club Poker
Here are links to some poker sites regarded as safe for your reference.
1. http://www.pokerstars.net/ - This is a free to use/play site with play money.
2. http://www.pokerstars.com/ - This is a free to use/play site with play money and real money.
Step # 2 Update Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 6u16 (http://www.java.com/en/download/manual.jsp).
Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Remove the following old versions of Java:
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_05
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
J2SE Runtime Environment 5.0 Update 10
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 15
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
From your desktop double-click on the download to install the newest version.
Step # 3 Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 24 hours
Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the Internet Explorer section except Cookies
Clean all the entries in the Windows Explorer section
Clean all entries in the System section
Clean all entries in the Advanced section
Clean any others that you choose
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it
Clean all in the Opera section if you use it
Clean Sun Java in the Internet Section
Clean any others that you choose
Click the Run Cleaner button.
A pop up box will appear advising this process will permanently delete files from your system.
Click OK and it will scan and clean your system.
Click exit when done.
If it asks you to reboot at the end, click NO
Step # 4 Run Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware.
Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
Next click the Scanner tab and select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
You can also access the log by doing the following:
Click on the Malwarebytes' Anti-Malware icon to launch the program.
Click on the Logs tab.
Click on the log at the bottom of those listed to highlight it.
Click Open.
Post the MalwareBytes' Log in your next post/reply.
ctircuit? How are things coming along?
ctircuit
2009-10-13, 04:03
MBAM log below. Full disclosure: I did not remove any of the poker programs, as some of them are games that I purchased at retail stores, and others have been recommended to me by (and used by) professional poker players I know. I trust the poker software to be safe. I do hope that this does not lead you to withdraw your assistance, but I did want you to know.
On to the MBAM log!
Malwarebytes' Anti-Malware 1.41
Database version: 2949
Windows 5.1.2600 Service Pack 2
10/12/2009 10:00:51 PM
mbam-log-2009-10-12 (22-00-51).txt
Scan type: Quick Scan
Objects scanned: 137605
Time elapsed: 9 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Full disclosure: I did not remove any of the poker programs, as some of them are games that I purchased at retail stores, and others have been recommended to me by (and used by) professional poker players I know. I trust the poker software to be safe. I do hope that this does not lead you to withdraw your assistance, but I did want you to know.
I recommended you remove those Poker programs, but since you say some are retail and others were recommended to you by pro poker players and you trust the poker programs/games to be safe, its ok for you to keep them. :)
Step # 1 Update Adobe Acrobat Reader
There is a newer version of Adobe Acrobat Reader available. (See Note below)
First, go to Add/Remove Programs and uninstall Adobe Reader 8.1.2.
Please go to this link Adobe Acrobat Reader Download Link (http://www.adobe.com/products/acrobat/readstep2.html)
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts
Note: Adobe 9.1.3 is a large program and if you prefer a smaller program you can get Foxit 3.1 instead from http://www.foxitsoftware.com/pdf/rd_intro.php
If you decide to install Foxit 3.1 instead of Adobe, do the following during Foxit's Setup/Installation process:
Uncheck the following boxes:
I accept the License Terms and want to install Foxit Toolbar
Make Ask.com my default search
Create desktop, quick launch and start menu icon to eBay
Step # 2: Run Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
In your next post/reply, I need to see the following:
1. Kaspersky Log
2. A fresh DDS Log
3. How is your computer doing, any problems?
ctircuit
2009-10-15, 01:43
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 14, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 14, 2009 00:50:22
Records in database: 2970962
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\
Scan statistics:
Objects scanned: 393773
Threats found: 14
Infected objects found: 42
Suspicious objects found: 118
Scan duration: 08:51:05
File name / Threat / Threats count
C:\Program Files\mIRC\mirc.exe/C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Opera\Opera7\Mail\storage\mbox237.mbs Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Opera\Opera7\Mail\storage\mbox237.mbs Infected: Email-Worm.Win32.NetSky.q 2
C:\Documents and Settings\Cyril Tircuit\Application Data\Opera\Opera7\Mail\storage\mbox242.mbs Infected: Email-Worm.Win32.NetSky.c 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Opera\Opera7\Mail\storage\mbox250.mbs Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Opera\Opera7\Mail\storage\mbox251.mbs Suspicious: Exploit.HTML.Iframe.FileDownload 2
C:\Documents and Settings\Cyril Tircuit\Application Data\Opera\Opera7\Mail\storage\mbox251.mbs Infected: Email-Worm.Win32.NetSky.q 2
C:\Documents and Settings\Cyril Tircuit\Application Data\Opera\Opera7\Mail\storage\mbox252.mbs Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Opera\Opera7\Mail\storage\mbox252.mbs Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Qualcomm\Eudora\mbox113.mbx Infected: Email-Worm.Win32.Tanatos.b 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Qualcomm\Eudora\mbox251.mbx Infected: Email-Worm.Win32.Mydoom.a 3
C:\Documents and Settings\Cyril Tircuit\Application Data\Qualcomm\Eudora\mbox49.mbx Infected: Email-Worm.Win32.Tanatos.b 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Qualcomm\Eudora\mbox62.mbx Infected: Email-Worm.Win32.Tanatos.b 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Thunderbird\Profiles\default\d6559ceu.slt\ImapMail\mail.twyst.org\INBOX Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Cyril Tircuit\Application Data\Thunderbird\Profiles\default\d6559ceu.slt\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 27
C:\Documents and Settings\Cyril Tircuit\Application Data\Thunderbird\Profiles\default\d6559ceu.slt\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items Suspicious: Trojan-Spy.HTML.Fraud.gen 41
C:\Documents and Settings\Cyril Tircuit\Application Data\Thunderbird\Profiles\default\d6559ceu.slt\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items Infected: Trojan-Downloader.Win32.Small.ehe 1
C:\Documents and Settings\Cyril Tircuit\Application Data\Thunderbird\Profiles\default\d6559ceu.slt\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Documents and Settings\Cyril Tircuit\Desktop\BootZilla4.zip Infected: Trojan.Win32.Starter.et 1
C:\Documents and Settings\Cyril Tircuit\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 41
C:\Documents and Settings\Cyril Tircuit\Local Settings\Application Data\Identities\{2C7A8CD0-78FA-427F-BF86-AE333A20DC52}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Downloader.Win32.Small.ehe 1
C:\Program Files\LogMeIn\update\2-30-545.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
C:\Program Files\LogMeIn\update\2-30-547.bak\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
C:\Program Files\LogMeIn\update\2-30-547.bak\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
C:\Program Files\LogMeIn\update\2-30-547.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
C:\Program Files\LogMeIn\update\2-30-555.bak\LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
C:\Program Files\LogMeIn\update\2-30-555.bak\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.p 1
C:\Program Files\LogMeIn\update\2-30-555.bak\ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Macromedia\Common\3abfc0261.dll.vir Infected: Trojan.Win32.Scar.li 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\gasfkyvygjkrom.sys.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gasfkyealnwhgu.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gasfkyhklhbqbm.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\gasfkysxqcijfm.dll.vir Infected: Packed.Win32.TDSS.z 1
C:\sentry\Sentry.exe Infected: HackTool.Win32.BruteGen.d 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2211\A0146322.sys Infected: Packed.Win32.TDSS.z 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2212\A0146376.dll Infected: Trojan.Win32.Scar.li 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2212\A0146378.dll Infected: Packed.Win32.TDSS.z 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2212\A0146379.dll Infected: Packed.Win32.TDSS.z 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP2212\A0146380.dll Infected: Packed.Win32.TDSS.z 1
C:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox113.mbs Infected: Email-Worm.Win32.Tanatos.b 1
C:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox251.mbs Infected: Email-Worm.Win32.Mydoom.a 3
C:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox49.mbs Infected: Email-Worm.Win32.Tanatos.b 1
C:\WINDOWS\Application Data\Opera\OPERA7\Mail\storage\mbox62.mbs Infected: Email-Worm.Win32.Tanatos.b 1
Selected area has been scanned.
ctircuit
2009-10-15, 01:46
DDS (Ver_09-09-29.01) - NTFSx86
Run by Cyril Tircuit at 19:39:47.82 on Wed 10/14/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2559.1329 [GMT -4:00]
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
G:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\runservice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
g:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
G:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
G:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
G:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
g:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
G:\Program Files\OpenOffice.org 2.4\program\soffice.exe
G:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\mIRC\mirc.exe
G:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Cyril Tircuit\Desktop\dds.scr
============== Pseudo HJT Report ===============
mWindow Title = Microsoft Internet Explorer provided by Comcast
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} -
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\g001-1.0.25.0\gnotify.exe
mRun: [Windows Media Connect 2] "c:\program files\windows media connect 2\WMCCFG.exe" /StartQuiet
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] g:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] g:\program files\logitech\video\LogiTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Adobe Photo Downloader] "g:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ProcessGovernor] c:\program files\process lasso\processgovernor.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "g:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "g:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\cyrilt~1\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
StartupFolder: c:\docume~1\cyrilt~1\startm~1\programs\startup\openof~1.lnk - g:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: <NO NAME> =
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepoker\EmpirePoker.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {A18AC347-2CA3-4e5d-AB86-33BFC7EEB931} - c:\program files\gamingclubmpp\MPPoker.exe
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - g:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} c:\program files\partygaming\partypoker\runapp.exe - c:\program files\partygaming\partypoker\runapp.exe\inprocserver32 does not exist!
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: ActiveGS.cab - hxxp://www.virtualapple.com/activegs.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} - hxxp://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {04063354-A10E-4427-A1EC-F3CC81587BC6} - hxxp://www.worldwinner.com/games/v41/mines/mines.cab
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} - hxxp://www.albatross18.com/cabs/A18X.ocx
DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - hxxp://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15026/CTSUEng.cab
DPF: {0F42F280-2D6E-4B19-95A9-18D8DADB9309} - hxxp://www.betfred.com/company/gamessections/common/betfredlauncher.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.6.0.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://forms.real.com/real/player/download.html?f=windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwga.ops.placeware.com/etc/place/GOLF/SCGpws-a1/5.1.2.150/lib/quicksilver.cab
DPF: {41D1977F-4161-4720-800F-EA4903983A38} - hxxp://www.worldwinner.com/games/v43/jigsaw/jigsaw.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} - hxxp://219.117.194.183:1024/home/SonySncRz30View.cab
DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB40} - hxxp://219.106.246.80/home/SonySncZ20View.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094097099602
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125356207484
DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} - hxxp://www.worldwinner.com/games/v44/wordcube/wordcube.cab
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {77538FC7-CE52-4704-9865-494FE92BC320} - hxxp://www.ultimatebaseballonline.com/myubo/launchubo.OCX
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://axis1.cyberbob.ch:91/activex/AxisCamControl.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38019.8350462963
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} - hxxp://eq2beta.station.sony.com/friends_and_family_reg/soesysinfo.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.srtest.com/sysreqlab.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v42/paint/paint.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://gameadvisor.futuremark.com/global/msc37.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27FFC5F-D7B9-4349-9F41-F7458B585374} - hxxp://www.worldwinner.com/games/v43/solotriv/solotriv.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://mppv2flash3.valueactive.com/Bet365/FlashAX.cab
DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - hxxp://ds1.downloadtech.net/cn1060/pcpowerscan.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} - hxxp://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://66.98.130.69/DGTx.CAB
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15028/CTPID.cab
DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} - hxxp://www.worldwinner.com/games/v51/h2hpool/h2hpool.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\program files\common files\stardock\mcpcore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\cyrilt~1\applic~1\mozilla\firefox\profiles\gm8lftz4.default\
FF - plugin: c:\documents and settings\cyril tircuit\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\cyril tircuit\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\opera7\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera7\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava11.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava12.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava13.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava14.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJava32.dll
FF - plugin: c:\program files\opera7\program\plugins\NPJPI142_05.dll
FF - plugin: c:\program files\opera7\program\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\opera7\program\plugins\NPOJI610.dll
FF - plugin: c:\program files\opera7\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera7\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera7\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera7\program\plugins\npwthost.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: g:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: g:\program files\opera\program\plugins\npdsplay.dll
FF - plugin: g:\program files\opera\program\plugins\NPSWF32.dll
FF - plugin: g:\program files\opera\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-7 11608]
R1 Odptdi;Odptdi;c:\windows\system32\drivers\odptdi.sys [2009-8-4 46744]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-10-7 229304]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [2005-1-17 4256]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-7 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-7 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-7 55656]
R2 FlipShare Service;FlipShare Service;c:\program files\pure digital technologies\flipshare\FlipShareService.exe [2008-11-13 439616]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2004-2-7 2560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-5-29 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-5-29 47640]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-10-7 87656]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;g:\program files\pc tools firewall plus\FWService.exe [2009-10-7 818432]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;c:\program files\postgresql\8.2\bin\pg_ctl.exe [2007-9-17 79948]
R2 TivoBeacon2;TiVo Beacon;c:\program files\common files\tivo shared\beacon\TiVoBeacon.exe [2007-5-2 865280]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-10-7 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-10-7 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-10-7 46592]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-10-7 115088]
S2 BT848;Conexant's BtPCI WDM Video Capture;c:\windows\system32\drivers\BT848.sys [2005-2-10 371349]
S2 BT878;Hauppauge Streaming Data Capture Device;c:\windows\system32\drivers\bt878.sys [2005-2-8 23552]
S3 Alpham;Ideazon ZBoard Composite Keyboard Driver;c:\windows\system32\drivers\Alpham.sys [2006-3-12 37248]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [2006-5-25 12192]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2004-3-13 19677]
S4 FAH@C:+Folding@Home+FAH502-Console.exe;FAH@C:+Folding@Home+FAH502-Console.exe;c:\folding@home\fah502-console.exe -svcstart --> c:\folding@home\FAH502-Console.exe -svcstart [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
=============== Created Last 30 ================
2009-10-12 21:17 73,728 a------- c:\windows\system32\javacpl.cpl
2009-10-12 21:00 0 a------- c:\windows\system32\REN5AA.tmp
2009-10-12 21:00 0 a------- c:\windows\system32\REN5A9.tmp
2009-10-07 21:55 <DIR> --d----- c:\docume~1\cyrilt~1\applic~1\PCToolsFirewallPlus
2009-10-07 21:49 207,280 a------- c:\windows\system32\drivers\PCTCore.sys
2009-10-07 21:49 87,656 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-07 21:49 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2009-10-07 21:49 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2009-10-07 21:49 229,304 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-10-07 21:49 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2009-10-07 21:49 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-10-07 21:49 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-10-07 21:49 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-10-07 21:49 <DIR> --d----- c:\program files\common files\PC Tools
2009-10-07 21:49 115,088 a------- c:\windows\system32\drivers\pctplfw.sys
2009-10-07 19:13 <DIR> a-dshr-- C:\cmdcons
2009-10-07 19:05 229,888 a------- c:\windows\PEV.exe
2009-10-07 19:05 161,792 a------- c:\windows\SWREG.exe
2009-10-07 19:05 98,816 a------- c:\windows\sed.exe
2009-10-07 08:15 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-10-07 08:15 <DIR> --d----- c:\program files\Avira
2009-10-07 08:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-10-04 01:25 <DIR> --d----- c:\program files\SpywareBlaster
2009-10-04 00:09 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-21 01:45 <DIR> --d----- c:\documents and settings\cyril tircuit\.Gamut
2009-09-21 01:45 <DIR> --d----- c:\program files\Volity Games
==================== Find3M ====================
2009-10-12 21:15 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-12 21:08 8,529 a--sh--- c:\windows\system32\mmf.sys
2009-10-01 15:10 83,288 a------- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 15:10 87,352 a------- c:\windows\system32\LMIinit.dll
2009-10-01 15:10 28,984 a------- c:\windows\system32\LMIport.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-07 15:10 25,248 a------- c:\windows\system32\LMImirr.dll
2009-09-07 15:10 11,552 a------- c:\windows\system32\LMImirr2.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2008-02-27 18:20 0 a------- c:\program files\temp01
2004-03-11 14:27 40,960 a------- c:\program files\Uninstall_CDS.exe
2007-08-02 23:26 8 ---shr-- c:\windows\system32\594137F75B.sys
2005-02-16 02:12 56 ---shr-- c:\windows\system32\5BF7374159.sys
2006-05-03 05:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 06:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2008-03-16 08:30 216,064 ---shr-- c:\windows\system32\nbDX.dll
============= FINISH: 19:41:15.21 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-09-29.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/2/2004 9:23:09 PM
System Uptime: 10/12/2009 9:07:24 PM (46 hours ago)
Motherboard: Dell Computer Corp. | | 0N2828
Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | Microprocessor | 2593/800mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 4.171 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
G: is FIXED (NTFS) - 75 GiB total, 3.451 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6133
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6133
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
==== System Restore Points ===================
RP2159: 9/20/2009 10:55:43 PM - System Checkpoint
RP2160: 9/20/2009 10:55:44 PM - System Checkpoint
RP2161: 9/20/2009 10:55:44 PM - System Checkpoint
RP2162: 9/20/2009 10:55:44 PM - System Checkpoint
RP2163: 9/20/2009 10:55:45 PM - System Checkpoint
RP2164: 9/20/2009 10:55:45 PM - System Checkpoint
RP2165: 9/20/2009 10:55:45 PM - System Checkpoint
RP2166: 9/20/2009 10:55:46 PM - Installed Aventail OnDemand Proxy Agent
RP2167: 9/20/2009 10:55:47 PM - System Checkpoint
RP2168: 9/20/2009 10:55:47 PM - System Checkpoint
RP2169: 9/20/2009 10:55:48 PM - System Checkpoint
RP2170: 9/20/2009 10:55:49 PM - System Checkpoint
RP2171: 9/20/2009 10:55:51 PM - System Checkpoint
RP2172: 9/20/2009 10:55:53 PM - System Checkpoint
RP2173: 9/20/2009 10:55:54 PM - System Checkpoint
RP2174: 9/20/2009 10:55:55 PM - System Checkpoint
RP2175: 9/20/2009 10:55:56 PM - System Checkpoint
RP2176: 9/20/2009 10:55:56 PM - System Checkpoint
RP2177: 9/20/2009 10:55:57 PM - System Checkpoint
RP2178: 9/20/2009 10:55:58 PM - System Checkpoint
RP2179: 9/20/2009 10:55:59 PM - System Checkpoint
RP2180: 9/20/2009 10:56:01 PM - System Checkpoint
RP2181: 9/20/2009 10:56:01 PM - Software Distribution Service 3.0
RP2182: 9/20/2009 10:56:03 PM - System Checkpoint
RP2183: 9/20/2009 10:56:04 PM - System Checkpoint
RP2184: 9/20/2009 10:56:06 PM - System Checkpoint
RP2185: 9/20/2009 10:56:07 PM - System Checkpoint
RP2186: 9/20/2009 10:56:08 PM - System Checkpoint
RP2187: 9/20/2009 10:56:08 PM - System Checkpoint
RP2188: 9/20/2009 10:56:09 PM - System Checkpoint
RP2189: 9/20/2009 10:56:10 PM - System Checkpoint
RP2190: 9/20/2009 10:56:11 PM - System Checkpoint
RP2191: 9/20/2009 10:56:12 PM - System Checkpoint
RP2192: 9/20/2009 10:56:12 PM - System Checkpoint
RP2193: 9/20/2009 10:56:13 PM - Installed Compatibility Pack for the 2007 Office system
RP2194: 9/20/2009 10:56:14 PM - System Checkpoint
RP2195: 9/20/2009 10:56:15 PM - System Checkpoint
RP2196: 9/20/2009 10:56:16 PM - System Checkpoint
RP2197: 9/20/2009 10:56:17 PM - System Checkpoint
RP2198: 9/20/2009 10:56:18 PM - System Checkpoint
RP2199: 9/20/2009 10:56:20 PM - Printer Driver LogMeIn Printer Driver Installed
RP2200: 9/20/2009 10:56:20 PM - System Checkpoint
RP2201: 9/20/2009 10:56:21 PM - System Checkpoint
RP2202: 9/20/2009 10:56:21 PM - System Checkpoint
RP2203: 9/20/2009 10:56:21 PM - System Checkpoint
RP2204: 9/20/2009 10:56:23 PM - System Checkpoint
RP2205: 9/20/2009 10:56:23 PM - System Checkpoint
RP2206: 9/20/2009 10:56:23 PM - System Checkpoint
RP2207: 9/20/2009 10:56:24 PM - System Checkpoint
RP2208: 9/20/2009 10:56:24 PM - System Checkpoint
RP2209: 9/20/2009 10:56:24 PM - System Checkpoint
RP2210: 9/20/2009 10:56:24 PM - System Checkpoint
RP2211: 9/20/2009 10:56:24 PM - System Checkpoint
RP2212: 10/7/2009 7:30:49 PM - ComboFix created restore point
RP2213: 10/9/2009 12:18:23 AM - ComboFix created restore point
RP2214: 10/9/2009 4:01:53 AM - Software Distribution Service 3.0
RP2215: 10/12/2009 8:35:12 PM - Removed Java 2 Runtime Environment, SE v1.4.2
RP2216: 10/12/2009 8:36:45 PM - Removed Java 2 Runtime Environment, SE v1.4.2_04
RP2217: 10/12/2009 8:38:05 PM - Removed Java 2 Runtime Environment, SE v1.4.2_05
RP2218: 10/12/2009 8:40:01 PM - Removed Java(TM) 6 Update 12
RP2219: 10/12/2009 8:42:00 PM - Removed Java(TM) SE Runtime Environment 6
RP2220: 10/12/2009 8:43:33 PM - Removed Java(TM) 6 Update 2
RP2221: 10/12/2009 8:45:24 PM - Removed Java(TM) 6 Update 4
RP2222: 10/12/2009 8:46:57 PM - Removed Java(TM) 6 Update 5
RP2223: 10/12/2009 8:50:30 PM - Removed J2SE Runtime Environment 5.0 Update 10
RP2224: 10/12/2009 8:52:09 PM - Removed J2SE Runtime Environment 5.0 Update 9
RP2225: 10/12/2009 8:56:36 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP2226: 10/12/2009 8:58:02 PM - Removed J2SE Runtime Environment 5.0 Update 5
RP2227: 10/12/2009 8:59:36 PM - Removed J2SE Runtime Environment 5.0 Update 2
RP2228: 10/12/2009 9:15:11 PM - Installed Java(TM) 6 Update 16
RP2229: 10/12/2009 10:56:33 PM - Software Distribution Service 3.0
RP2230: 10/13/2009 4:00:48 AM - Software Distribution Service 3.0
==== Installed Programs ======================
3ivx MPEG-4 5.0.3 (remove only)
Absolute Poker
AcroChallenge 2.85
Action Replay XBOX 1.30
ActionReplay Xbox
Ad-Aware SE Personal
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 2.1
Adobe Photoshop Elements 5.0
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player 11.5
AGEIA PhysX v7.05.06
Airport Mania: First Flight
Albatross18 (NtreevSoft)
Ancient Quest of Saqqarah
Any Video Converter 2.6.7
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArGoSoft Mail Server Freeware
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AudibleManager
AusLogics Disk Defrag
Auto Gordian Knot 2.40
AutoUpdate
Aventail Access Manager
Aventail OnDemand Proxy Agent
Aventail OPSWAT End Point Control
Aventail Web Proxy Agent
Aventail Webifiers
Avery DesignPro
Avery® Wizard 2.1 for Microsoft® Office Word 2003
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
Azada ™
Banctec Service Agreement
Baseball Mogul 2007
BCM V.92 56K Modem
Best Buy Rhapsody
BeTrapped!
Big Fish Games Client
Big Pinata (remove only)
Bingo Cafe
Blood Bowl 1.0.1.2
Bodog Poker Version 2.2.3.1
Boggle Supreme
Bontago
Bookworm Adventures Deluxe 1.0
Bowl Bound College Football
Bowl Bound College Football Update 1.51
Bowl Bound College Football Update 1.52
Brainiversity (remove only)
Breaking News (remove only)
Brother HL-2070N
Bus Driver 1.0
Business Contact Manager for Outlook 2003
CacheStats
Cake Poker
Camtasia Studio 3
Capture Studio Professional 4.05
Caribbean Pirate Quest
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Spanish
ccc-Branding
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help English
CCC Help French
CCC Help German
CCC Help Spanish
CCleaner (remove only)
Citrix XenApp Web Plugin
cladDVD .NET v3.5.6
clrmamepro
COH Character Creator
Color Up: Wedding Scrapbook
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Cool Edit 96
Corel Paint Shop Pro X
County Fair
Cradle of Rome (remove only)
Crayon Physics Deluxe Demo - release 52
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
Critical Update for Windows Media Player 11 (KB959772)
CrossLoop 2.41
Curse Client
Cuttermaran 1.62
DD Tournament Poker 1.0
DD Tournament Poker Patch 2
DeepBurner v1.8.0.224
DefilerPak 1.19 (Remove Only)
Defraggler (remove only)
DeliPlayer 2
Dell Digital Jukebox Driver
Dell Media Experience
Dell Networking Guide
Dell Solution Center
DirectShow Dump
DiscWizard for Windows
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
dotamatic 0.2
Doyles Room Poker
Dr. DivX Trial
DS21Patch
DScaler 4.1.10
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD Solution
DVD43 v4.2.0
DVDSentry
DVDx 2.3
EA SPORTS online 2004
Eastside UK pre-game Editor v2007.1.2
Easy CD Ripper 2.25
EasyGPS
EmpirePoker
EQ2MAP Updater 1.0.6
ERUNT 1.1j
Eudora
Europa Universalis III
EVEREST Home Edition v1.10
EverQuest
EverQuest II
EverQuest: Shadows of Luclin
EverQuest: SOV
Excalibur Publishing Limited - 1C\Space Rangers 2
Eyeball Chat 2.2
Fabulous Finds
FairUse Wizard
Fairway Solitaire (remove only)
Family Feud III: Dream Home
FamilyFeudOnlineParty (remove only)
Fast Break College Basketball 2003
FAST Defrag Freeware 2.29 [final]
ffdshow [rev 1723] [2007-12-24]
Flash Renamer 4.62
FlasKMPEG (remove only)
FlipShare
FOF2k7 Utility Suite
Forgotten Riddles - The Mayan Princess (remove only)
Foxit Reader
Freedom Force® vs The 3rd Reich
Front Office Football 2004
Front Office Football 2007
Full Tilt Poker
Fury Race
Future Pinball
Futuremark Measurement Services Client
Gadwin PrintScreen
GameSpy Arcade
GameTime+
Gamut
Garmin Communicator Plugin
Garmin MapSource
Garmin WebUpdater
Geneforge 3
getPlus(R)_ocx
GIMP 2.6.5
GIMPshop .1 beta
Google Earth
Google Gmail Notifier
Governor of Poker
Great Wall of Words (remove only)
GSAK 7.2.2.23 (Final)
GTK+ 2.2.4-20040124 runtime environment
Gunslinger Solitaire
HammerHead Rhythm Station
HandBrake 0.9.3
Hauppauge WinTV-PVR 150 Drivers
Hauppauge WinTV2000
Hell's Kitchen
Hellgate: London
Help and Support Customization
HijackThis 2.0.2
Hold'em Partner
Hollywood Mogul 3
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
HP Software Update
Huffyuv AVI lossless video codec (Remove Only)
Icy Tower v1.3.1
iISystem Wiper 2.3
Image Analyzer
ImageShack QuickLoad
Impulse
In Nomine 3.1
Inspector Parker
Instant Eyedropper 1.75
InstantCopy
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Default Page
InterVideo FilterSDK for Hauppauge
IrfanView (remove only)
iTunes
iuVCR
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Java(TM) 6 Update 16
King's Bounty. The Legend (Remove Only)
Knytt 1.0.1
Kudos Rock Legend
LADSPA_plugins-win-0.4.15
Letter Lab
Lex Venture: A Crossword Caper
Liong: The Dragon Dance (remove only)
Locomotion
Logitech QuickCam Software
Logitech® Camera Driver
LogMeIn
Lottso! Deluxe (remove only)
Luxor 2 (remove only)
Malwarebytes' Anti-Malware
MapSource - MetroGuide USA
MediaCoder 0.6.1
MediaMonkey 3.0
MemStat XP (remove only)
Merriam Webster's Spell-Jam (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Chat 2.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Interop Forms Redistributable Package 2.0a
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Journal Viewer
mIRC
MIRE 0.12
MLB.com Shuffle (remove only)
Modem Helper
Morpher
Movies
Mozilla Firefox (3.5.3)
Mozilla Thunderbird (2.0.0.23)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Multimedia Launcher
Music Wars Rebirth
Music Wars Rebirth Demo
MV2Player (remove only)
MVPSavReader
MWSnap 3
nanoPEG-Editor 2.3 Hauppauge Edition
Napster
Napster 3.5 MP3 Encoder
Napster Burn Engine
Neighbors From Hell: On Vacation
Nero OEM
New Star Grand Prix 1.0
New Star Soccer 3
NHL Eastside Hockey Manager 2005
NHL Eastside Hockey Manager 2007
nLite 1.2.1
Nokia Connectivity Cable Driver
Nokia PC Suite
NSS (remove only)
OmniFormat
Online Hold'em Inspector 2.14
OOTP Baseball 2007
OpenOffice.org 2.4
Opera 9.64
PANDA-glGo
Panda ActiveScan
PartyPoker
PartyPokerNet
PC Connectivity Solution
PC Tools Firewall Plus 6.0
PDF Image Extraction Wizard 2.0
PDF Split Merge Pages
Pdf995
PdfEdit995
Pegasus Imaging's PICVideo 3
Peggle Deluxe (remove only)
Photosmart 140,240,7200,7600,7700,7900 Series
PictoWords
Poker Tracker Omaha Version 1.04.00
Poker Tracker Version 2.03.01
PokerAce Hud (remove only)
PokerEV
PokerGrapher
PokerOffice (remove only)
PokerStars
PokerStove version 1.21
Porrasturvat - Stair Dismount (remove only)
PostgreSQL 8.2
Power Defrag 3.02a
PowerDVD
Prism Video Converter
Process Lasso
Profitville
PS7600
PSShortcutsP
PureSim 2004
PureSim Baseball 2007
QB Challenge 1.0
QuickTime
QuickTime Alternative 1.69
RCT3 Soaked
Real Alternative 1.29
Real Lives 2004
Real Lives 2007
Retro Records 1.0.1
Revo Uninstaller 1.75
Rhapsody Player Engine
Righteous Kill
RollerCoaster Tycoon® 3
Rooms: The Main Building
Safecracker (remove only)
Safecracker Strategy Guide (remove only)
Saints & Sinners Bowling (remove only)
SandScript
School Tycoon
SciFi Casino
Second And Ten College Version 1.1.6
Second And Ten Version 6.0.9
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Semagic (remove only)
Shape Shifter
ShellExView
Shizmoo Web Games (Uproar)
Shockwave
ShotOnline OpenBeta International
ShowShifter
Shutterfly Express
Sid Meier's Civilization 4
Signature995
Silent Storm
SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE)
SiteSpinner V2
SkillJam SecurePlayer
Skins
Skype 3.1
Skype Plugin Manager
Slingo Quest Hawaii
Slingo Supreme
SmartFTP
SmartMorph
SnG Power Tools v1.19b
SNGEGT
Solecismic FTP
Sonic RecordNow!
Sonic Update Manager
Sony ACID XPress 5.0a
SopCast 1.1.2
Sound Blaster Live!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SpywareBlaster 4.2
Stardock Central
Steam
Sudoku
SUPER © Version 2009.bld.36 (June 10, 2009)
Super Wild Wild Words
SuperMegaSpoof 2.0
System Requirements Lab
Tabloid Tycoon
TEW2005
Texas Calculatem 4 with "AutoRead"
The Gaming Club Poker
The Movies (TM) - StarMaker (TM) Demo
The Movies(TM)
The Price is Right
The Sims 2
The Sims 2 Nightlife
The Sims 2 University
The Ultimate Troubleshooter
TightVNC 1.3.9
Titan Quest
Titan Quest Immortal Throne
TiVo Desktop 2.4a
Total College Basketball
Total Pro Basketball 2005
Total Pro Basketball 2005 1.1 Update
Total Pro Basketball 2005 1.4 Update
Total Pro Golf
Total Pro Golf 2
Tower Bloxx Deluxe
Trillian
Tropico 2: Pirate Cove
Truck Dismount (remove only)
TrueMoneyGames 3.5.6
Tunebite 4.1.0.35
Turbo Subs (remove only)
TVersity Codec Pack 1.2
TVersity Media Server 1.5 Beta
TVUPlayer 2.3.7.1
TweetDeck
UBO 2007 Edition
Ulead DVD MovieFactory 3 SE
Ulead GIF Animator 5 TBYB
UltimateBet
UltimateBuddy
Uninstall Startup Inspector for Windows
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Veetle TV Player 0.9.6
VEGA$ Tycoon
Ventrilo Client
Video Man v.3.0 Trial
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
Virtual Earth 3D (Beta)
Virtual U
Virtual VCR
Visual Pinball
vixy converter uninstall
VobSub v2.23 (Remove Only)
WD Diagnostics
Web Album Generator 1.8.2
WebFldrs XP
Wesabe Uploader 1.1.0
WIDCOMM Bluetooth Software
WikiSearch Toolbar
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMorph™ 3.01
WinMX
WinRAR archiver
WinSCP 3.5
WinZip
Within a Deep Forest 1.1.1
WMMA
Word Slinger
WordBiz version 1.8
Wordcraft (remove only)
Words Kingdom (remove only)
World of Warcraft
Wrecker Ball: Dream
Wrestling Spirit
Xbox Music Mixer PC Tool
XChange 360
XviD MPEG-4 Video Codec
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
ZENcast Organizer
Zwei-Stein Video Compositor 3.01 (Beta 2).
==== Event Viewer Messages From Past Week ========
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The WMDM PMSP Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The TiVo Beacon service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The PostgreSQL Database Server 8.2 service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The PC Tools Firewall Plus service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The MSSQL$MICROSOFTBCM service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The FlipShare Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
10/9/2009 12:21:12 AM, error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/9/2009 12:21:12 AM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/7/2009 7:32:09 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
10/7/2009 7:31:54 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/7/2009 7:31:11 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
10/7/2009 7:31:11 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/7/2009 7:29:53 PM, error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
10/7/2009 7:29:53 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V5 service terminated unexpectedly. It has done this 1 time(s).
10/7/2009 7:29:28 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
10/7/2009 7:29:28 PM, error: Service Control Manager [7000] - The Hauppauge Streaming Data Capture Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/7/2009 7:29:28 PM, error: Service Control Manager [7000] - The Conexant's BtPCI WDM Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
==== End Of File ===========================
ctircuit
2009-10-15, 01:48
The computer seems to be running fine. Not having the redirect problems at this time. I am now running an antivirus and a firewall, and I feel much safer. All of your help is appreciated so far!!
Kaspersky found files in the Qoobox folder which is where ComboFix keeps its quarantined files. I'll show how to remove them in an upcoming post. Kaspersky also found some infected System Restore points, they are harmless where they are. I'll show how to remove them and set a new clean one in an upcoming post.
I'd like for you to go the following mail programs and delete all e-mails in the Junk, Spam and Bulk Folders. Also delete any e-mails you no longer need in the Inbox of these Mail programs:
Opera 7 Mail
Eudora
ThunderBird
Outlook Express
Finally, delete these files, if found:
C:\Documents and Settings\Cyril Tircuit\Desktop\BootZilla4.zip
C:\sentry\Sentry.exe
Let me know if you have any problems with any of the above.
ctircuit
2009-10-18, 01:34
OK, these steps are done. I'm ready for the next ones!
If there are no more problems, you are good to go. :)
You can delete the following files off of your computer:
DDS.scr
GMER.zip
GMER.exe
The GMER Log
To remove ComboFix, do the following:
Go to Start > Run - type in ComboFix /U & click OK
The following programs are out of date and can be uninstalled:
Ad-Aware SE Personal
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
The latest version of Spybot Search & Destroy is 1.6.2
http://www.safer-networking.org/en/mirrors/index.html
Empty your Recycle Bin.
Please take the time to read my All Clean Post.
Please follow these simple steps in order to keep your computer clean and secure:
This is a good time to clear your existing system restore points and establish a new clean restore point
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created..
Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.
Make your Internet Explorer more secure This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub frames across different domains to Prompt When all these settings have been made, click on the OK button.
If it asks you if you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please checkHide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types.
Click OK
Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Update Site Frequently It is important that you visit Microsoft Updates (http://update.microsoft.com/) regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Use the hosts file: Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file (http://www.mvps.org/winhelp2002/hosts.htm) Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE (http://www.bleepingcomputer.com/forums/tutorial51.html) If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button on the task bar at the bottom of your screen Click run In the dialog box, type services.msc hit enter, then locate dns client Highlight it, then doubleclick it. On the dropdown box, change the setting from automatic to manual. Click ok..
Use an alternative instant messenger program.Trillian (http://www.trillian.cc/) and Miranda IM (http://www.miranda-im.com/) These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
Please read Tony Klein's excellent article: How I got Infected in the First Place (http://forums.subratam.org/index.php?showtopic=5931)
Please read Understanding Spyware, Browser Hijackers, and Dialers (http://www.bleepingcomputer.com/forums/tutorial41.html)
Please read Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/tutorial82.html)
If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox (http://www.mozilla.org/products/firefox) or
Opera (http://www.opera.com/download/).
If you decide to use either FireFox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
Update all these programs regularly Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back (http://spyware-free.us/2006/01/time-to-fight-back.html). Follow these steps and your potential for being infected again will reduce dramatically.
Here's a good website to read about Malware prevention:
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
If your computer is running slow, click here (http://www.malwareremoval.com/tutorials/runningslowly.php) for instructions on how to help speed up your computer.
Good luck!
Please reply one last time so that I know you have read my post and this thread can be closed.
ctircuit
2009-10-18, 18:09
I have read your post, and I GREATLY appreciate all of your help. I will keep my computer more secure from now on.
Thank you!!
You're welcome. I'm glad I was able to help you out. :)
Good luck and safe surfing!