Cannot access Spybot updates or Microsoft update after cleaning tidserv trojan

P

Psybernetic

New member
I've already "cleaned" the infection from my computer, but I still can't connect to updates other than Symantec Live Update and it takes an unnecessary amount of time for my browsers to load up pages I want to visit. Also, some of the programs in the registry have been uninstalled for like... over a year.

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/7/2005 11:24:05 AM
System Uptime: 4/30/2010 2:55:53 AM (70 hours ago)

Motherboard: Dell Inc. | | 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU | 2659/1333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 5.939 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) Active Management Technology - SOL
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Manufacturer: Intel
Name: Intel(R) Active Management Technology - SOL (COM3)
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Service: Serial

==== System Restore Points ===================

RP1: 3/28/2010 10:10:54 PM - System Checkpoint
RP2: 3/30/2010 3:24:29 AM - System Checkpoint
RP3: 3/31/2010 4:07:45 AM - System Checkpoint
RP4: 4/1/2010 4:36:46 AM - System Checkpoint
RP5: 4/2/2010 5:21:14 AM - System Checkpoint
RP6: 4/3/2010 6:16:00 AM - System Checkpoint
RP7: 4/4/2010 6:16:59 AM - System Checkpoint
RP8: 4/5/2010 7:15:54 AM - System Checkpoint
RP9: 4/6/2010 8:15:54 AM - System Checkpoint
RP10: 4/6/2010 11:54:52 PM - Removed Command & Conquer™ 4 Tiberian Twilight
RP11: 4/6/2010 11:57:15 PM - Removed DK Optimize
RP12: 4/8/2010 4:05:05 AM - System Checkpoint
RP13: 4/9/2010 4:24:11 AM - System Checkpoint
RP14: 4/10/2010 5:06:18 AM - System Checkpoint
RP15: 4/10/2010 11:36:07 AM - Installed DirectX
RP16: 4/10/2010 12:29:47 PM - Removed Intel(R) Processor ID Utility
RP17: 4/11/2010 1:06:22 PM - System Checkpoint
RP18: 4/12/2010 1:07:25 PM - System Checkpoint
RP19: 4/13/2010 2:06:18 PM - System Checkpoint
RP20: 4/14/2010 3:07:26 PM - System Checkpoint
RP21: 4/15/2010 4:06:21 PM - System Checkpoint
RP22: 4/16/2010 4:07:25 PM - System Checkpoint
RP23: 4/17/2010 6:46:47 PM - System Checkpoint
RP24: 4/18/2010 10:08:07 PM - System Checkpoint
RP25: 4/19/2010 11:36:39 PM - System Checkpoint
RP26: 4/21/2010 12:22:40 AM - System Checkpoint
RP27: 4/22/2010 12:46:56 AM - System Checkpoint
RP28: 4/23/2010 1:24:02 AM - System Checkpoint
RP29: 4/24/2010 7:57:03 AM - System Checkpoint
RP30: 4/25/2010 8:45:51 AM - System Checkpoint
RP31: 4/26/2010 9:37:51 AM - System Checkpoint
RP32: 4/27/2010 10:38:59 AM - System Checkpoint
RP33: 4/28/2010 11:46:54 AM - System Checkpoint
RP34: 4/29/2010 12:23:33 PM - System Checkpoint
RP35: 4/30/2010 1:40:05 AM - Installed HiJackThis
RP36: 5/1/2010 2:48:04 AM - System Checkpoint
RP37: 5/2/2010 3:03:40 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
7-Zip 4.65
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Setup
Advanced Batch Converter
Age of Empires III - The WarChiefs
AlienGUIse Theme Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
Aspell German Dictionary-0.50-2
ATI - Software Uninstall Utility
AusLogics Disk Defrag
AutoUpdate
AviSynth 2.5
Bonjour
BufferChm
CCleaner
CDBurnerXP
CDDRV_Installer
CDisplay 1.8
Choice Guard
Cole2k Media - Codec Pack (Advanced) 6.1.0
Combined Community Codec Pack 2009-09-09
Command & Conquer™ Red Alert™ 3
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Curse Client
CursorFX
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
DDS Converter 2.1
Dell ETS Factory Installation
Destinations
Dimension 4 v5.0
Director
DirectX for Managed Code Update (Summer 2004)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
Download Manager 2.3.10
Dragon Age Awakening Redesigned
Dragon Age Awakening Redesigned©
Dragon Age Awakening Velanna Redesigned©
Dragon Age Redesigned © Morrigan
Dragon Age Redesigned Oghren©
Dragon Age Redesigned©
Dragon Age Redesigned© Zevran
Dragon Age Redesigned© Leliana
Dragon Age Redesigned© Sten
Dragon Age Redesigned© Wynne
Dragon Age: Origins
DVD Shrink 3.2
EA Download Manager
Earthsim
Electricsheep Screensaver 2.7b18
EphPod
erLT
ERUNT 1.1j
FileZilla 2.2.32
FMOD Programmers API Win32
FoxyTunes for Firefox
Game Maker 8.0
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.6.8
GlassFish V2 UR1
GNU Aspell 0.50-3
Gpg4win (2.0.2)
GTK+ Runtime 2.14.7 rev a (remove only)
High Definition Audio Driver Package - KB835221
HiJackThis
HostExplorer 2008
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HPSystemDiagnostics
InstantShare
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PRO Alerting Agent
Intel(R) PRO Network Connections 12.1.12.4
Intel® Active Management Technology
Intel® Management Engine Interface
iTunes
J2SE Runtime Environment 5.0 Update 6
Java DB 10.4.2.1
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 14
Java(TM) SE Development Kit 6 Update 6
Junk Mail filter update
KeyScrambler
KhalInstallWrapper
Last.fm 1.5.4.24567
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 3.1 (Symantec Corporation)
Logitech SetPoint
Magic ISO Maker v5.5 (build 0272)
MagicDisc 2.7.105
Mass Effect 2
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft WSE 3.0 Runtime
MIT Kerberos for Windows 3.2.0
MobileMe Control Panel
Monkey's Audio
MotioninJoy ds3 driver version 0.4.0002
Mouse Suite for Desktop Computers
Move Media Player
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (3.0.4)
Mozilla Thunderbird 2.0.0.x
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NetBeans IDE 6.7.1
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
OGA Notifier 2.0.0048.0
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
PeerBlock 1.0.0 (r181)
PhotoGallery
Pidgin
PowerDVD
PowerISO
PrintScreen
Python 2.5
Q-Xpress Installer 1.1.9
QFolder
QuickProjects
QuickTime
Real Alternative 1.8.0
SearchAssist
SecureCRT 5.5.1
SecureW2 TTLS Client 3.2.0 for Windows 2K/XP
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SkinsHP1
Skype™ 4.1
Sonic Activation Module
SoulSeek Client 156c
SoundMAX
Spybot - Search & Destroy
SQL Server System CLR Types
Star Wars: The Force Unleashed
StarCraft
Steam
Sun GlassFish Enterprise Server v2.1
Sun GlassFish Enterprise Server v3 Prelude
Sygate Personal Firewall
Symantec AntiVirus
System Requirements Lab
TBS WMP Plug-in
TES Construction Set
TortoiseSVN 1.5.0.13316 (32 bit)
TrayApp
Uniblue SpeedUpMyPC 2009
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb977719)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Vampire - Bloodlines
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
Warcraft III: All Products
WebFldrs XP
WebReg
Windows Automatic Update Service (WAUS)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Presentation Foundation
Windows XP Service Pack 3
WinPcap 4.1.1
wxPython 2.8.7.1 (ansi) for Python 2.5
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

4/30/2010 11:34:43 PM, error: Serial [45] - The serial driver detected a hardware failure on device \Device\Serial0 and will disable this device.

==== End Of File ===========================


DDS (Ver_10-03-17.01) - NTFSx86
Run by Psybernetic at 0:36:15.50 on Mon 05/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1062 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\java.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\GNU\GnuPG\gpg-agent.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\mozilla.org\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Psybernetic\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5071020
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [PMX Daemon] ICO.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\acrobat 8.1\reader\Reader_sl.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: NameServer = 93.188.163.170,93.188.166.58
TCP: {E77D028A-76B7-4915-9B4E-11E747B17E32} = 93.188.163.170,93.188.166.58
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: MIT_KFW -
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {439113CE-2797-47E8-BA3D-03F300777207} - "c:\program files\hummingbird\connectivity\13.00\accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1 LOGGINGLEVEL=5
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\psyber~1\applic~1\mozilla\firefox\profiles\x6xr40ns.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\psybernetic\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla.org\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2010-4-12 242176]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-20 2525720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-29 102448]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-4-24 115312]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-2-16 48128]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100502.005\naveng.sys [2010-5-2 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100502.005\navex15.sys [2010-5-2 1324720]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-3-27 14424]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 hpdj00;hpdj00;c:\docume~1\psyber~1\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp photosmart 2600 series -product=aio --> c:\docume~1\psyber~1\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio [?]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-1-23 42832]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
S3 shspusb;Samsung High Speed USB Driver disks;c:\windows\system32\drivers\hspusb.sys --> c:\windows\system32\drivers\HSPUSB.sys [?]
S4 vsdatant;vsdatant; [x]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-04-30 06:56:31 21 ----a-w- c:\windows\S.dirmngr
2010-04-30 05:51:14 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-30 05:40:05 0 d-----w- c:\program files\TrendMicro
2010-04-29 14:31:44 0 d-----w- c:\docume~1\psyber~1\applic~1\gnupg
2010-04-29 14:31:43 0 d-----w- c:\docume~1\alluse~1\applic~1\GNU
2010-04-29 14:31:30 0 d-----w- c:\program files\GNU
2010-04-29 01:17:35 0 d-----w- c:\program files\iPod
2010-04-29 01:13:29 0 d-----w- c:\program files\Bonjour
2010-04-20 18:08:24 222958020 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 14-08-24).dump
2010-04-20 18:02:51 19477596 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 14-02-51).dump
2010-04-20 17:57:18 236519688 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-57-18).dump
2010-04-20 17:56:29 12 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-56-29).dump
2010-04-20 17:55:42 10809948 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-55-42).dump
2010-04-20 17:53:37 129460692 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-53-37).dump
2010-04-20 17:52:11 23710872 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-52-11).dump
2010-04-20 17:49:58 167453472 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-49-58).dump
2010-04-20 17:30:46 36022872 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-30-46).dump
2010-04-20 17:27:54 35844348 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-27-54).dump
2010-04-10 15:30:39 0 d-----w- c:\program files\Download Manager
2010-04-10 14:37:40 0 d-----w- c:\program files\Star Wars The Force Unleashed
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

==================== Find3M ====================

2010-04-03 04:05:30 915530 ----a-w- C:\appbckp2.reg
2010-04-03 04:05:30 346 ----a-w- C:\appbckp1.reg
2010-03-28 23:58:53 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-28 04:52:35 122581 -c--a-w- c:\windows\War3Unin.dat
2010-03-16 07:37:50 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 07:37:50 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 07:37:50 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 07:37:50 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 07:37:50 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 07:37:44 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-12 15:26:36 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-02-04 15:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 15:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 15:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 15:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2008-07-06 02:38:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070520080706\index.dat

============= FINISH: 0:36:29.12 ===============
 
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



After that:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
ComboFix:

ComboFix 10-05-05.0D - Psybernetic 05/06/2010 15:52:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1290 [GMT -4:00]
Running from: c:\documents and settings\Psybernetic\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\install.exe
c:\program files\CustomXML\customxml.log
c:\program files\CustomXML\ProtectionDll.dll
c:\program files\CustomXML\rules.dat
c:\program files\CustomXML\TrafficDll.dll
c:\windows\pthreadGC2.dll

----- BITS: Possible infected sites -----

hxxp://sus.isc.upenn.edu
.
((((((((((((((((((((((((( Files Created from 2010-04-06 to 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-04 22:52 . 2010-05-04 22:52 -------- d-----w- C:\psybernetic
2010-05-04 22:51 . 2010-05-04 22:51 -------- d-----w- C:\Documents
2010-05-04 21:40 . 2010-05-04 22:09 -------- d-----w- c:\program files\NetBeans 6.8
2010-05-04 21:13 . 2010-05-04 23:12 -------- d-----w- C:\cygwin
2010-05-03 09:23 . 2010-05-03 09:23 3153 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2010-05-03 06:41 . 2010-05-04 05:30 -------- d-----w- c:\program files\sges-v3
2010-05-03 04:31 . 2010-05-03 04:32 -------- d-----w- c:\program files\ERUNT
2010-05-03 04:26 . 2010-05-03 04:26 -------- d-----w- c:\documents and settings\Psybernetic\Local Settings\Application Data\Cooliris
2010-05-03 04:25 . 2010-02-25 23:04 57856 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-05-03 04:25 . 2010-02-25 23:04 545280 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-05-03 04:25 . 2010-02-25 23:04 4689408 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-05-03 04:25 . 2010-02-25 23:04 425984 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-05-03 04:25 . 2010-02-25 23:04 153088 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-05-03 04:25 . 2010-02-25 23:04 103424 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-05-02 17:50 . 2010-05-02 17:50 -------- d-----w- c:\documents and settings\Psybernetic\Local Settings\Application Data\Help
2010-04-30 05:51 . 2010-04-30 05:51 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-30 05:40 . 2010-04-30 05:40 388096 ----a-r- c:\documents and settings\Psybernetic\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-30 05:40 . 2010-04-30 05:40 -------- d-----w- c:\program files\TrendMicro
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\GNU
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\gnupg
2010-04-29 14:31 . 2010-05-06 07:16 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\gnupg
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\GNU
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\program files\GNU
2010-04-29 06:50 . 2009-11-25 10:48 184320 ----a-w- c:\documents and settings\Psybernetic\Application Data\Thunderbird\Profiles\7blnaouh.default\extensions\{847b3a00-7ab1-11d4-8f02-006008948af5}\platform\WINNT_x86-msvc\components\enigmime-x86-msvc.dll
2010-04-29 05:59 . 2009-09-18 13:28 421888 ----a-w- c:\documents and settings\Psybernetic\Application Data\Thunderbird\Profiles\7blnaouh.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2010-04-29 05:04 . 2010-04-29 05:04 -------- d-----w- c:\documents and settings\Psybernetic\Local Settings\Application Data\Thunderbird
2010-04-29 05:04 . 2010-04-29 05:04 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Thunderbird
2010-04-29 01:17 . 2010-04-29 01:17 -------- d-----w- c:\program files\iPod
2010-04-29 01:13 . 2010-04-29 01:13 -------- d-----w- c:\program files\Bonjour
2010-04-29 01:11 . 2010-04-29 01:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-10 15:30 . 2010-04-10 15:30 -------- d-----w- c:\program files\Download Manager
2010-04-10 14:37 . 2010-05-04 21:15 -------- d-----w- c:\program files\Star Wars The Force Unleashed
2010-04-10 07:12 . 2010-04-10 07:12 85504 ----a-w- c:\documents and settings\Psybernetic\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 19:58 . 2009-06-30 03:10 -------- d-----w- c:\program files\CustomXML
2010-05-06 19:50 . 2007-10-25 18:57 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-06 19:46 . 2010-02-25 02:33 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\uTorrent
2010-05-06 19:16 . 2010-03-27 19:20 -------- d-----w- c:\program files\PeerBlock
2010-05-06 05:44 . 2010-02-16 21:11 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\vlc
2010-05-06 04:55 . 2007-10-25 19:09 -------- d-----w- c:\program files\Warcraft III
2010-05-03 10:40 . 2008-02-25 19:23 -------- d-----w- c:\program files\Soulseek
2010-05-03 09:22 . 2008-03-23 18:57 534904 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-05-03 06:09 . 2007-10-25 18:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-03 05:58 . 2010-03-17 02:54 1159112 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-02 18:26 . 2008-02-28 00:40 -------- d-----w- c:\program files\EphPod
2010-05-02 17:50 . 2010-01-20 04:37 -------- d-----w- c:\program files\StarCraft
2010-04-29 02:55 . 2007-10-26 15:20 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\.purple
2010-04-29 01:18 . 2009-11-01 08:17 -------- d-----w- c:\program files\iTunes
2010-04-29 01:17 . 2007-10-25 19:10 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 20:37 . 2008-10-21 22:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-10 15:41 . 2007-10-25 23:31 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\IGN_DLM
2010-04-10 07:13 . 2008-03-06 03:52 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-10 07:12 . 2008-03-06 03:52 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\SystemRequirementsLab
2010-04-09 03:15 . 2007-10-25 23:20 -------- d-----w- c:\program files\Electronic Arts
2010-04-07 07:58 . 2010-01-27 02:21 -------- d-----w- c:\program files\Mass Effect 2
2010-04-07 03:56 . 2007-11-29 03:46 -------- d-----w- c:\program files\IncGamers Client
2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 04:05 . 2010-04-03 04:05 915530 ----a-w- C:\appbckp2.reg
2010-04-03 04:05 . 2010-04-03 04:05 346 ----a-w- C:\appbckp1.reg
2010-04-02 20:54 . 2008-10-21 22:27 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-04-01 00:59 . 2010-04-01 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 00:56 . 2009-06-02 03:38 -------- d-----w- c:\program files\QuickTime
2010-03-29 01:59 . 2010-03-29 00:40 -------- d-----w- c:\program files\Dragon Age
2010-03-29 01:40 . 2009-11-05 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2010-03-29 00:59 . 2009-02-23 03:18 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-28 21:50 . 2007-10-25 19:27 -------- d-----w- c:\program files\Lavasoft
2010-03-28 21:50 . 2010-03-28 21:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-28 21:50 . 2007-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-28 04:52 . 2007-10-25 19:12 122581 -c--a-w- c:\windows\War3Unin.dat
2010-03-27 06:13 . 2010-03-27 06:13 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\NVIDIA
2010-03-27 05:50 . 2008-08-31 02:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-27 05:39 . 2007-10-25 19:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-27 01:13 . 2007-12-11 09:18 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\dvdcss
2010-03-26 21:34 . 2009-01-19 10:30 -------- d-----w- c:\program files\CCleaner
2010-03-26 01:45 . 2008-03-08 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-24 02:29 . 2010-03-24 02:29 1201 ----a-w- c:\documents and settings\Psybernetic\Application Data\.purple\certificates\x509\tls_peers\login.facebook.com
2010-03-24 02:29 . 2007-10-26 15:19 -------- d-----w- c:\program files\Pidgin
2010-03-24 00:41 . 2010-03-24 00:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DE032019-B933-4DF4-9174-48C52613DA13}
2010-03-24 00:41 . 2010-03-24 00:41 -------- d-----w- c:\program files\Stardock
2010-03-20 09:27 . 2010-03-20 09:27 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Command and Conquer 4
2010-02-26 01:23 . 2010-02-26 01:23 2157 ----a-w- c:\documents and settings\Psybernetic\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-02-21 18:45 . 2007-10-20 04:42 305176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-18 06:25 . 2010-02-18 06:25 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-16 20:12 . 2010-02-16 20:12 12862 ----a-r- c:\documents and settings\Psybernetic\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-01-19 77824]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-02-24 1771320]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2007-03-08 49152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2008-07-14 408088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Acrobat 8.1\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-6 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 03:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 21:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\TlkEdit.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Documents and Settings\\Psybernetic\\Local Settings\\Apps\\2.0\\E9LZ54J8.5V7\\3WNDY9LK.OWZ\\curs..tion_eee711038731a406_0004.0000_1430d97334050788\\CurseClient.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 3:58 AM 133968]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
R2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [8/17/2008 4:40 AM 217088]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/20/2007 12:57 AM 2525720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/5/2010 8:02 PM 102448]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [4/24/2008 5:22 AM 115312]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/26/2007 11:52 AM 685816]
S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [4/12/2010 4:19 PM 242176]
S2 hpdj00;hpdj00;c:\docume~1\PSYBER~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio --> c:\docume~1\PSYBER~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio [?]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [1/23/2007 3:45 AM 42832]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1228208]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2/16/2010 6:30 PM 48128]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/27/2010 3:20 PM 14424]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
S3 shspusb;Samsung High Speed USB Driver disks;c:\windows\system32\DRIVERS\HSPUSB.sys --> c:\windows\system32\DRIVERS\HSPUSB.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{439113CE-2797-47E8-BA3D-03F300777207}]
2007-04-29 07:24 99960 ----a-w- c:\program files\Hummingbird\Connectivity\13.00\Accessories\HumSettings.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Psybernetic\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\mozilla.org\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-PeerGuardian - c:\program files\PeerGuardian2\pg2.exe
HKLM-Run-nwiz - nwiz.exe
Notify-AtiExtEvent - (no file)
Notify-MIT_KFW - (no file)
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-{A1062847-0846-427A-92A1-BB8251A91E91} - c:\program files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe
AddRemove-Dragon Age Awakening Redesigned© - c:\documents and settings\Psybernetic\My Documents\BioWare\Dragon Age\packages\core\override\Dragon Age Redesigned\Uninstall Dracomies True textures.exe
AddRemove-Dragon Age Redesigned Oghren© - c:\documents and settings\Psybernetic\My Documents\BioWare\Dragon Age\packages\core\override\Uninstall Oghren.exe
AddRemove-Dragon Age Redesigned © Morrigan - c:\documents and settings\Psybernetic\My Documents\BioWare\Dragon Age\packages\core\override\Uninstall Morrigan.exe
AddRemove-Dragon Age Redesigned© - c:\documents and settings\Psybernetic\My Documents\BioWare\Dragon Age\packages\core\override\Uninstall Recommended settings.exe
AddRemove-Dragon Age Redesigned© Zevran - c:\documents and settings\Psybernetic\My Documents\BioWare\Dragon Age\packages\core\override\Uninstall Zevran.exe
AddRemove-Dragon Age Redesigned© Leliana - c:\documents and settings\Psybernetic\My Documents\BioWare\Dragon Age\packages\core\override\Uninstall Leliana.exe
AddRemove-Dragon Age Redesigned© Sten - c:\documents and settings\Psybernetic\My Documents\BioWare\Dragon Age\packages\core\override\Uninstall Sten.exe
AddRemove-Dragon Age Redesigned© Wynne - c:\documents and settings\Psybernetic\My Documents\BioWare\Dragon Age\packages\core\override\Uninstall Wynne.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 15:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1319632398-1721202201-1800976716-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1319632398-1721202201-1800976716-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,9b,77,e2,45,16,83,de,c4,1b,5e,7f,ce,3d,ce,6b,d1,cf,f7,b9,64,af,a5,
2f,5e,85,5f,2c,9f,6b,a6,b8,fc,d6,6a,57,86,ba,8c,82,13,fe,5c,cb,9f,b7,02,8d,\
"??"=hex:b1,a4,78,21,28,c1,dc,09,78,f7,04,71,e1,18,cd,d3

[HKEY_USERS\S-1-5-21-1319632398-1721202201-1800976716-1005\Software\SecuROM\License information*]
"datasecu"=hex:80,26,1e,35,95,80,db,a6,e0,dd,0b,a1,0f,0c,d4,9e,e8,10,78,70,d4,
69,d9,d9,fb,7a,c1,58,02,40,70,8e,41,3f,7e,47,b5,71,91,ac,1d,8f,77,a3,6f,81,\
"rkeysecu"=hex:ea,49,9a,8c,77,23,c6,1b,d2,3a,4a,6e,79,a1,43,3f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\AlienGUIse\fastload.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-05-06 16:00:54
ComboFix-quarantined-files.txt 2010-05-06 20:00

Pre-Run: 38,104,272,896 bytes free
Post-Run: 38,256,226,304 bytes free

- - End Of File - - DB6E29570BA90599ED7288A7F05760E3

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Psybernetic at 16:22:46.23 on Thu 05/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1176 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\java.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.1\Reader\Reader_sl.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Psybernetic\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\acrobat 8.1\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {439113CE-2797-47E8-BA3D-03F300777207} - "c:\program files\hummingbird\connectivity\13.00\accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1 LOGGINGLEVEL=5
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\psyber~1\applic~1\mozilla\firefox\profiles\x6xr40ns.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\psybernetic\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla.org\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2010-4-12 242176]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-20 2525720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-5 102448]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-4-24 115312]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100505.004\naveng.sys [2010-5-5 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100505.004\navex15.sys [2010-5-5 1324720]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-3-27 14424]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 hpdj00;hpdj00;c:\docume~1\psyber~1\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp photosmart 2600 series -product=aio --> c:\docume~1\psyber~1\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio [?]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-1-23 42832]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1228208]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-2-16 48128]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
S3 shspusb;Samsung High Speed USB Driver disks;c:\windows\system32\drivers\hspusb.sys --> c:\windows\system32\drivers\HSPUSB.sys [?]
S4 vsdatant;vsdatant; [x]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-05-06 19:50:44 98816 ----a-w- c:\windows\sed.exe
2010-05-06 19:50:44 77312 ----a-w- c:\windows\MBR.exe
2010-05-06 19:50:44 256512 ----a-w- c:\windows\PEV.exe
2010-05-06 19:50:44 161792 ----a-w- c:\windows\SWREG.exe
2010-05-06 19:49:41 21 ----a-w- c:\windows\S.dirmngr
2010-05-04 22:52:19 0 d-----w- C:\psybernetic
2010-05-04 22:51:38 0 d-----w- C:\Documents
2010-05-04 22:48:14 36999 ----a-w- c:\documents and settings\psybernetic\peerblock.dmp
2010-05-04 21:40:10 0 d-----w- c:\program files\NetBeans 6.8
2010-05-04 21:13:14 0 d-----w- C:\cygwin
2010-05-03 09:23:21 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.bmp
2010-05-03 09:23:21 3153 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2010-05-03 06:41:24 0 d-----w- c:\program files\sges-v3
2010-04-30 05:51:14 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-30 05:40:05 0 d-----w- c:\program files\TrendMicro
2010-04-29 14:31:44 0 d-----w- c:\docume~1\psyber~1\applic~1\gnupg
2010-04-29 14:31:43 0 d-----w- c:\docume~1\alluse~1\applic~1\GNU
2010-04-29 14:31:30 0 d-----w- c:\program files\GNU
2010-04-29 01:17:35 0 d-----w- c:\program files\iPod
2010-04-29 01:13:29 0 d-----w- c:\program files\Bonjour
2010-04-20 18:08:24 222958020 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 14-08-24).dump
2010-04-20 18:02:51 19477596 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 14-02-51).dump
2010-04-20 17:57:18 236519688 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-57-18).dump
2010-04-20 17:56:29 12 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-56-29).dump
2010-04-20 17:55:42 10809948 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-55-42).dump
2010-04-20 17:53:37 129460692 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-53-37).dump
2010-04-20 17:52:11 23710872 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-52-11).dump
2010-04-20 17:49:58 167453472 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-49-58).dump
2010-04-20 17:30:46 36022872 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-30-46).dump
2010-04-20 17:27:54 35844348 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-27-54).dump
2010-04-10 15:30:39 0 d-----w- c:\program files\Download Manager
2010-04-10 14:37:40 0 d-----w- c:\program files\Star Wars The Force Unleashed
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

==================== Find3M ====================

2010-05-03 09:22:53 534904 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-04-03 23:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 04:05:30 915530 ----a-w- C:\appbckp2.reg
2010-04-03 04:05:30 346 ----a-w- C:\appbckp1.reg
2010-04-02 20:54:38 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-28 23:58:53 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-28 04:52:35 122581 -c--a-w- c:\windows\War3Unin.dat
2008-07-06 02:38:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070520080706\index.dat
 
I forgot to mention above that I tried to get the recovery console, but since I apparently can't connect to Microsoft's download site, I couldn't get it.
 
Please run ComboFix again and let it try to install recovery console.
 
It's giving me an error saying I'm not connected to the internet, but I know that the machine is hooked up. I have all firewalls, antivirus, and other such programs disabled.

The speed issue and not being able to connect to the Spybot and Microsoft updaters seems to be resolved, however..

On a side note, do you happen to know how I can get the link to "My Documents" in "My Computer" to go to the correct directory, by any chance? That also seems to have been an effect of the trojan, and it hasn't been resolved.
 
Hi,

Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:

@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0
Click to expand...

  • Go to the File menu at the top of the Notepad and select Save as.
  • Select save in: desktop
  • Fill in File name: test.bat
  • Save as type: All file types (*.*)
  • Click save.
  • Close the Notepad.
  • Locate and double-click tast.bat on the desktop.
  • A notepad opens, copy and paste the content it (log1.txt) to your reply.
 
IPCONFIG log

Windows IP Configuration



Host Name . . . . . . . . . . . . : Mars

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.mi.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.mi.comcast.net.

Description . . . . . . . . . . . : Intel(R) 82566DM-2 Gigabit Network Connection

Physical Address. . . . . . . . . : 00-1A-A0-DA-F1-62

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::21a:a0ff:feda:f162%4

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.87.77.134

68.87.72.134

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Friday, May 07, 2010 1:29:55 PM

Lease Expires . . . . . . . . . . : Saturday, May 08, 2010 1:29:55 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-FB-F6-E7-F4-48-54

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 2001:0:4137:9e76:0:fbf6:e7f4:4854

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : hsd1.mi.comcast.net.

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-66

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.102%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: cns.westlandrdc.mi.michigan.comcast.net
Address: 68.87.77.134

Name: google.com
Addresses: 209.85.225.105, 209.85.225.147, 209.85.225.99, 209.85.225.104
209.85.225.103, 209.85.225.106



Pinging google.com [209.85.225.99] with 32 bytes of data:



Reply from 209.85.225.99: bytes=32 time=2103ms TTL=52

Reply from 209.85.225.99: bytes=32 time=50ms TTL=52



Ping statistics for 209.85.225.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 50ms, Maximum = 2103ms, Average = 1076ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1a a0 da f1 62 ...... Intel(R) 82566DM-2 Gigabit Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 20
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 20
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 20
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
Click to expand...
 
Hi,

Do you have other system which you could use to download this file and then transfer it to infected system's desktop? Please do so and then drag 'n' drop the file to ComboFix.exe (disable antivirus protection first).
 
Sygate was set to allow all, causing Windows to yell at me for not having an enabled firewall for this scan.

ComboFix 10-05-08.03 - Psybernetic 05/09/2010 12:42:06.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1021 [GMT -4:00]
Running from: c:\documents and settings\Psybernetic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Psybernetic\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Psybernetic\Application Data\PnkBstrK.sys

.
((((((((((((((((((((((((( Files Created from 2010-04-09 to 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-05-09 16:16 . 2010-05-09 16:16 -------- d-----w- C:\Python26
2010-05-09 15:50 . 2010-05-09 15:50 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Blender Foundation
2010-05-09 15:50 . 2010-05-09 15:50 -------- d-----w- c:\program files\Blender Foundation
2010-05-07 18:22 . 2010-05-07 18:22 503808 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6016cd4d-n\msvcp71.dll
2010-05-07 18:22 . 2010-05-07 18:22 499712 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6016cd4d-n\jmc.dll
2010-05-07 18:22 . 2010-05-07 18:22 348160 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6016cd4d-n\msvcr71.dll
2010-05-07 18:22 . 2010-05-07 18:22 61440 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-55ec4db5-n\decora-sse.dll
2010-05-07 18:22 . 2010-05-07 18:22 12800 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-55ec4db5-n\decora-d3d.dll
2010-05-07 18:22 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-07 18:15 . 2010-05-07 18:15 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-07 18:15 . 2010-05-07 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-05-07 18:12 . 2004-03-13 11:43 135249 ----a-w- c:\windows\system32\hpzlnt10.dll
2010-05-07 18:11 . 2004-04-12 11:10 90112 ----a-r- c:\windows\system32\hpovst08.dll
2010-05-07 18:03 . 2010-05-07 18:23 104661 ----a-w- c:\windows\hpoins04.dat
2010-05-07 18:03 . 2004-06-21 10:14 17176 ------w- c:\windows\hpomdl04.dat
2010-05-07 02:14 . 2010-05-07 02:14 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-07 02:14 . 2010-05-07 02:11 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-07 02:14 . 2010-05-07 02:11 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-07 02:14 . 2008-04-22 06:08 123552 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-05-07 02:14 . 2008-03-05 22:22 122054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe
2010-05-07 02:13 . 2010-05-07 02:13 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-07 02:13 . 2008-04-22 06:08 123552 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe
2010-05-07 02:13 . 2010-05-07 02:13 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-07 02:13 . 2010-05-07 02:13 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-07 02:13 . 2010-05-07 02:13 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-07 02:13 . 2010-05-07 02:13 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-07 02:12 . 2010-05-07 02:12 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-07 02:11 . 2010-05-07 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-07 00:54 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-07 00:24 . 2010-05-07 00:24 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-05-07 00:24 . 2010-05-07 00:24 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-05-07 00:24 . 2010-05-07 00:24 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-05-07 00:24 . 2010-05-07 00:24 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2010-05-07 00:24 . 2010-05-07 00:24 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-05-07 00:24 . 2010-05-07 00:24 1285864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-05-06 21:26 . 2010-05-06 21:26 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Windows Desktop Search
2010-05-06 20:39 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-04 22:51 . 2010-05-04 22:51 -------- d-----w- C:\Documents
2010-05-04 21:40 . 2010-05-04 22:09 -------- d-----w- c:\program files\NetBeans 6.8
2010-05-04 21:13 . 2010-05-04 23:12 -------- d-----w- C:\cygwin
2010-05-03 09:23 . 2010-05-03 09:23 3153 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2010-05-03 06:41 . 2010-05-04 05:30 -------- d-----w- c:\program files\sges-v3
2010-05-03 04:31 . 2010-05-03 04:32 -------- d-----w- c:\program files\ERUNT
2010-05-03 04:26 . 2010-05-03 04:26 -------- d-----w- c:\documents and settings\Psybernetic\Local Settings\Application Data\Cooliris
2010-05-03 04:25 . 2010-02-25 23:04 57856 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-05-03 04:25 . 2010-02-25 23:04 545280 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-05-03 04:25 . 2010-02-25 23:04 4689408 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-05-03 04:25 . 2010-02-25 23:04 425984 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-05-03 04:25 . 2010-02-25 23:04 153088 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-05-03 04:25 . 2010-02-25 23:04 103424 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-05-02 17:50 . 2010-05-02 17:50 -------- d-----w- c:\documents and settings\Psybernetic\Local Settings\Application Data\Help
2010-04-30 05:51 . 2010-04-30 05:51 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-30 05:40 . 2010-04-30 05:40 388096 ----a-r- c:\documents and settings\Psybernetic\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-30 05:40 . 2010-04-30 05:40 -------- d-----w- c:\program files\TrendMicro
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\GNU
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\gnupg
2010-04-29 14:31 . 2010-05-06 20:25 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\gnupg
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\GNU
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\program files\GNU
2010-04-29 06:50 . 2009-11-25 10:48 184320 ----a-w- c:\documents and settings\Psybernetic\Application Data\Thunderbird\Profiles\7blnaouh.default\extensions\{847b3a00-7ab1-11d4-8f02-006008948af5}\platform\WINNT_x86-msvc\components\enigmime-x86-msvc.dll
2010-04-29 05:59 . 2009-09-18 13:28 421888 ----a-w- c:\documents and settings\Psybernetic\Application Data\Thunderbird\Profiles\7blnaouh.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2010-04-29 05:04 . 2010-04-29 05:04 -------- d-----w- c:\documents and settings\Psybernetic\Local Settings\Application Data\Thunderbird
2010-04-29 05:04 . 2010-04-29 05:04 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Thunderbird
2010-04-29 01:17 . 2010-04-29 01:17 -------- d-----w- c:\program files\iPod
2010-04-29 01:13 . 2010-04-29 01:13 -------- d-----w- c:\program files\Bonjour
2010-04-29 01:11 . 2010-04-29 01:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-10 15:30 . 2010-04-10 15:30 -------- d-----w- c:\program files\Download Manager
2010-04-10 07:12 . 2010-04-10 07:12 85504 ----a-w- c:\documents and settings\Psybernetic\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 16:22 . 2007-10-25 18:57 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-09 16:22 . 2008-10-21 22:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-09 16:19 . 2010-02-25 02:33 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\uTorrent
2010-05-09 07:20 . 2010-02-16 21:11 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\vlc
2010-05-09 03:26 . 2010-03-27 19:20 -------- d-----w- c:\program files\PeerBlock
2010-05-08 05:49 . 2007-10-25 19:09 -------- d-----w- c:\program files\Warcraft III
2010-05-08 02:49 . 2007-10-31 08:27 -------- d-----w- c:\program files\Guild Wars
2010-05-07 18:22 . 2007-10-20 04:54 -------- d-----w- c:\program files\Common Files\Java
2010-05-07 18:22 . 2007-10-20 04:54 -------- d-----w- c:\program files\Java
2010-05-07 18:15 . 2009-10-30 04:04 -------- d-----w- c:\program files\HP
2010-05-07 18:09 . 2007-11-10 12:24 -------- d-----w- c:\program files\DivX
2010-05-07 02:12 . 2009-05-06 01:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-06 21:45 . 2007-10-25 23:18 -------- d-----w- c:\program files\Windows Desktop Search
2010-05-06 20:44 . 2008-03-08 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-03 10:40 . 2008-02-25 19:23 -------- d-----w- c:\program files\Soulseek
2010-05-03 09:22 . 2008-03-23 18:57 534904 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-05-03 06:09 . 2007-10-25 18:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-02 18:26 . 2008-02-28 00:40 -------- d-----w- c:\program files\EphPod
2010-05-02 17:50 . 2010-01-20 04:37 -------- d-----w- c:\program files\StarCraft
2010-04-29 02:55 . 2007-10-26 15:20 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\.purple
2010-04-29 01:18 . 2009-11-01 08:17 -------- d-----w- c:\program files\iTunes
2010-04-29 01:17 . 2007-10-25 19:10 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 15:41 . 2007-10-25 23:31 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\IGN_DLM
2010-04-10 07:13 . 2008-03-06 03:52 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-10 07:12 . 2008-03-06 03:52 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\SystemRequirementsLab
2010-04-09 03:15 . 2007-10-25 23:20 -------- d-----w- c:\program files\Electronic Arts
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 07:58 . 2010-01-27 02:21 -------- d-----w- c:\program files\Mass Effect 2
2010-04-07 03:56 . 2007-11-29 03:46 -------- d-----w- c:\program files\IncGamers Client
2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 04:05 . 2010-04-03 04:05 915530 ----a-w- C:\appbckp2.reg
2010-04-03 04:05 . 2010-04-03 04:05 346 ----a-w- C:\appbckp1.reg
2010-04-02 20:54 . 2008-10-21 22:27 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-04-01 00:59 . 2010-04-01 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 00:56 . 2009-06-02 03:38 -------- d-----w- c:\program files\QuickTime
2010-03-29 01:59 . 2010-03-29 00:40 -------- d-----w- c:\program files\Dragon Age
2010-03-29 01:40 . 2009-11-05 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2010-03-29 00:59 . 2009-02-23 03:18 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-28 21:50 . 2007-10-25 19:27 -------- d-----w- c:\program files\Lavasoft
2010-03-28 21:50 . 2010-03-28 21:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-28 21:50 . 2007-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-28 04:52 . 2007-10-25 19:12 122581 -c--a-w- c:\windows\War3Unin.dat
2010-03-27 06:13 . 2010-03-27 06:13 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\NVIDIA
2010-03-27 05:50 . 2008-08-31 02:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-27 05:39 . 2007-10-25 19:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-27 01:13 . 2007-12-11 09:18 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\dvdcss
2010-03-26 21:34 . 2009-01-19 10:30 -------- d-----w- c:\program files\CCleaner
2010-03-24 02:29 . 2010-03-24 02:29 1201 ----a-w- c:\documents and settings\Psybernetic\Application Data\.purple\certificates\x509\tls_peers\login.facebook.com
2010-03-24 02:29 . 2007-10-26 15:19 -------- d-----w- c:\program files\Pidgin
2010-03-24 00:41 . 2010-03-24 00:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DE032019-B933-4DF4-9174-48C52613DA13}
2010-03-24 00:41 . 2010-03-24 00:41 -------- d-----w- c:\program files\Stardock
2010-03-20 09:27 . 2010-03-20 09:27 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Command and Conquer 4
2010-03-20 01:52 . 2010-03-20 01:52 2145280 ----a-w- c:\windows\system32\python26.dll
2010-03-10 06:15 . 2004-08-11 21:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 01:23 . 2010-02-26 01:23 2157 ----a-w- c:\documents and settings\Psybernetic\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-02-25 06:24 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-11 21:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-21 18:45 . 2007-10-20 04:42 305176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-18 06:25 . 2010-02-18 06:25 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-16 20:12 . 2010-02-16 20:12 12862 ----a-r- c:\documents and settings\Psybernetic\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2010-02-16 14:08 . 2004-08-11 21:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 02:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-11 21:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-11 21:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-05-07_05.21.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-09 16:21 . 2010-05-09 16:21 16384 c:\windows\Temp\Perflib_Perfdata_674.dat
+ 2004-03-23 08:05 . 2004-03-23 08:05 61440 c:\windows\system32\spool\drivers\w32x86\3\hpztbi10.dll
+ 2004-03-23 08:04 . 2004-03-23 08:04 69632 c:\windows\system32\spool\drivers\w32x86\3\hpzflt10.dll
+ 2010-02-22 21:56 . 2004-04-12 11:10 36864 c:\windows\system32\spool\drivers\w32x86\3\hpofax08.dll
+ 2009-10-30 04:06 . 2004-03-18 20:39 57344 c:\windows\system32\HPZisn12.dll
- 2009-10-30 04:06 . 2004-03-18 21:39 57344 c:\windows\system32\HPZisn12.dll
- 2009-10-30 04:06 . 2004-03-18 21:39 94208 c:\windows\system32\HPZipt12.dll
+ 2009-10-30 04:06 . 2004-03-18 20:39 94208 c:\windows\system32\HPZipt12.dll
- 2009-10-30 04:06 . 2004-03-18 21:55 65536 c:\windows\system32\HPZipm12.exe
+ 2009-10-30 04:06 . 2004-03-18 20:55 65536 c:\windows\system32\HPZipm12.exe
+ 2009-10-30 04:06 . 2004-03-18 20:38 61440 c:\windows\system32\HPZinw12.exe
- 2009-10-30 04:06 . 2004-03-18 21:38 61440 c:\windows\system32\HPZinw12.exe
+ 2010-05-09 16:16 . 2010-05-09 16:16 94208 c:\windows\Installer\{4723F199-FA64-4233-8E6E-9FCCC95A18EE}\python_icon.exe
+ 2009-10-30 04:08 . 2001-08-17 17:53 6784 c:\windows\system32\drivers\serscan.sys
- 2009-10-30 04:08 . 2001-08-17 18:53 6784 c:\windows\system32\drivers\serscan.sys
- 2009-10-30 04:08 . 2001-08-17 18:53 6784 c:\windows\system32\dllcache\serscan.sys
+ 2009-10-30 04:08 . 2001-08-17 17:53 6784 c:\windows\system32\dllcache\serscan.sys
+ 2004-03-23 08:05 . 2004-03-23 08:05 155708 c:\windows\system32\spool\drivers\w32x86\3\hpzvip10.dll
+ 2004-03-23 08:05 . 2004-03-23 08:05 172032 c:\windows\system32\spool\drivers\w32x86\3\hpztbu10.exe
+ 2004-03-23 08:05 . 2004-03-23 08:05 163840 c:\windows\system32\spool\drivers\w32x86\3\hpzstw10.exe
+ 2004-03-23 08:05 . 2004-03-23 08:05 385024 c:\windows\system32\spool\drivers\w32x86\3\hpzstc10.exe
+ 2004-03-13 11:43 . 2004-03-13 11:43 180315 c:\windows\system32\spool\drivers\w32x86\3\hpzsnt10.dll
+ 2004-03-23 08:05 . 2004-03-23 08:05 679936 c:\windows\system32\spool\drivers\w32x86\3\hpzslk10.dll
+ 2004-03-23 08:05 . 2004-03-23 08:05 368640 c:\windows\system32\spool\drivers\w32x86\3\hpzres10.dll
+ 2004-03-23 08:05 . 2004-03-23 08:05 331776 c:\windows\system32\spool\drivers\w32x86\3\hpzpre10.exe
+ 2004-03-23 08:05 . 2004-03-23 08:05 143360 c:\windows\system32\spool\drivers\w32x86\3\hpzpcl10.dll
+ 2004-03-13 11:43 . 2004-03-13 11:43 135249 c:\windows\system32\spool\drivers\w32x86\3\hpzlnt10.dll
+ 2004-03-23 08:05 . 2004-03-23 08:05 200704 c:\windows\system32\spool\drivers\w32x86\3\hpzjui10.dll
+ 2004-03-23 08:05 . 2004-03-23 08:05 352256 c:\windows\system32\spool\drivers\w32x86\3\hpzime10.dll
+ 2004-03-23 08:04 . 2004-03-23 08:04 647168 c:\windows\system32\spool\drivers\w32x86\3\hpzeng10.exe
+ 2004-04-06 17:33 . 2004-04-06 17:33 344064 c:\windows\system32\spool\drivers\w32x86\3\hpzcon10.dll
+ 2004-04-06 17:34 . 2004-04-06 17:34 196608 c:\windows\system32\spool\drivers\w32x86\3\hpzcoi10.dll
+ 2004-03-23 08:04 . 2004-03-23 08:04 286720 c:\windows\system32\spool\drivers\w32x86\3\hpzcfg10.exe
+ 2004-04-07 12:17 . 2004-04-07 12:17 184959 c:\windows\system32\spool\drivers\w32x86\3\hpof2610.dat
+ 2010-05-07 18:22 . 2010-04-12 21:29 153376 c:\windows\system32\javaws.exe
- 2009-08-30 02:00 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe
+ 2010-05-07 18:22 . 2010-04-12 21:29 145184 c:\windows\system32\javaw.exe
- 2009-08-30 02:00 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe
+ 2010-05-07 18:22 . 2010-04-12 21:29 145184 c:\windows\system32\java.exe
+ 2009-10-30 04:06 . 2004-03-18 20:56 204800 c:\windows\system32\HPZipr12.dll
- 2009-10-30 04:06 . 2004-03-18 21:56 204800 c:\windows\system32\HPZipr12.dll
- 2009-10-30 04:06 . 2004-03-18 21:53 278584 c:\windows\system32\HPZidr12.dll
+ 2009-10-30 04:06 . 2004-03-18 20:53 278584 c:\windows\system32\HPZidr12.dll
- 2004-08-11 21:24 . 1998-10-29 21:45 306688 c:\windows\IsUninst.exe
+ 2004-08-11 21:24 . 1998-10-29 20:45 306688 c:\windows\IsUninst.exe
+ 2010-05-09 16:16 . 2010-05-09 16:16 589824 c:\windows\Installer\7ff16f1.msi
+ 2010-05-07 18:22 . 2010-05-07 18:22 180224 c:\windows\Installer\2bc95f3.msi
+ 2010-05-07 18:18 . 2010-05-07 18:18 206848 c:\windows\Installer\2bc95e4.msi
+ 2010-05-07 18:18 . 2010-05-07 18:18 129536 c:\windows\Installer\2bc95df.msi
+ 2010-05-07 18:18 . 2010-05-07 18:18 130048 c:\windows\Installer\2bc95da.msi
+ 2010-05-07 18:17 . 2010-05-07 18:17 324608 c:\windows\Installer\2bc95d5.msi
+ 2010-05-07 18:15 . 2010-05-07 18:15 219136 c:\windows\Installer\2bc95d0.msi
+ 2010-05-07 18:15 . 2010-05-07 18:15 129536 c:\windows\Installer\2bc95cb.msi
+ 2010-05-07 18:15 . 2010-05-07 18:15 540672 c:\windows\Installer\2bc95c6.msi
+ 2010-05-07 18:15 . 2010-05-07 18:15 426496 c:\windows\Installer\2bc95c1.msi
+ 2010-05-07 18:14 . 2010-05-07 18:14 338432 c:\windows\Installer\2bc959f.msi
+ 2010-05-07 18:14 . 2010-05-07 18:14 285184 c:\windows\Installer\2bc9597.msi
+ 2010-05-07 18:14 . 2010-05-07 18:14 134144 c:\windows\Installer\2bc9590.msi
+ 2004-04-08 22:51 . 2004-04-08 22:51 7331840 c:\windows\system32\spool\drivers\w32x86\3\hpztbx10.exe
+ 2004-03-13 11:44 . 2004-03-13 11:44 1695744 c:\windows\system32\spool\drivers\w32x86\3\hpzrm310.dll
+ 2004-03-13 11:44 . 2004-03-13 11:44 3182592 c:\windows\system32\spool\drivers\w32x86\3\hpzr3210.dll
+ 2004-03-23 08:05 . 2004-03-23 08:05 1671168 c:\windows\system32\spool\drivers\w32x86\3\hpzims10.dll
+ 2004-03-23 08:05 . 2004-03-23 08:05 1589248 c:\windows\system32\spool\drivers\w32x86\3\hpzimc10.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-01-19 77824]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-02-24 1771320]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2007-03-08 49152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2008-07-14 408088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Acrobat 8.1\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-6 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 03:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 21:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\TlkEdit.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Documents and Settings\\Psybernetic\\Local Settings\\Apps\\2.0\\E9LZ54J8.5V7\\3WNDY9LK.OWZ\\curs..tion_eee711038731a406_0004.0000_1430d97334050788\\CurseClient.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 3:58 AM 133968]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
R2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [8/17/2008 4:40 AM 217088]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/20/2007 12:57 AM 2525720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/5/2010 8:02 PM 102448]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [4/24/2008 5:22 AM 115312]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/27/2010 3:20 PM 14424]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/26/2007 11:52 AM 685816]
S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [4/12/2010 4:19 PM 242176]
S2 hpdj00;hpdj00;c:\docume~1\PSYBER~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio --> c:\docume~1\PSYBER~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1285864]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [1/23/2007 3:45 AM 42832]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2/16/2010 6:30 PM 48128]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
S3 shspusb;Samsung High Speed USB Driver disks;c:\windows\system32\DRIVERS\HSPUSB.sys --> c:\windows\system32\DRIVERS\HSPUSB.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{439113CE-2797-47E8-BA3D-03F300777207}]
2007-04-29 07:24 99960 ----a-w- c:\program files\Hummingbird\Connectivity\13.00\Accessories\HumSettings.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:24]

2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Psybernetic\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\mozilla.org\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla.org\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1319632398-1721202201-1800976716-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1319632398-1721202201-1800976716-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,9b,77,e2,45,16,83,de,c4,1b,5e,7f,ce,3d,ce,6b,d1,cf,f7,b9,64,af,a5,
2f,5e,85,5f,2c,9f,6b,a6,b8,fc,d6,6a,57,86,ba,8c,82,13,fe,5c,cb,9f,b7,02,8d,\
"??"=hex:b1,a4,78,21,28,c1,dc,09,78,f7,04,71,e1,18,cd,d3

[HKEY_USERS\S-1-5-21-1319632398-1721202201-1800976716-1005\Software\SecuROM\License information*]
"datasecu"=hex:80,26,1e,35,95,80,db,a6,e0,dd,0b,a1,0f,0c,d4,9e,e8,10,78,70,d4,
69,d9,d9,fb,7a,c1,58,02,40,70,8e,41,3f,7e,47,b5,71,91,ac,1d,8f,77,a3,6f,81,\
"rkeysecu"=hex:ea,49,9a,8c,77,23,c6,1b,d2,3a,4a,6e,79,a1,43,3f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2010-05-09 12:47:45
ComboFix-quarantined-files.txt 2010-05-09 16:47
ComboFix2.txt 2010-05-07 05:22
ComboFix3.txt 2010-05-06 20:14
ComboFix4.txt 2010-05-06 20:00

Pre-Run: 27,212,972,032 bytes free
Post-Run: 28,059,435,008 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - BE0C777FFBD965E7ACFE087E3F768BBD
Click to expand...
 
Hi,

Open notepad and copy/paste the text in the codebox below into it:

Code: 
@echo off
for %%g in (
c:\qoobox\quarantine\c\documents and settings\Psybernetic\Application Data\PnkBstrK.sys.vir
) do zip Files_for_submission %%g
del %0

Save this as grab.bat
Choose to Save type as - All Files
Save it on your desktop.
It should look like this:
bat_icon.gif

Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop.

Kindly upload the zip file to this website. Include a link to this topic. Let me know when the file has been uploaded.
 
I created and ran the .bat, but it's not making the zip file on my desktop, or anywhere it seems. I did a file search for it, but no results.
 
Hi,

Does c:\qoobox\quarantine\c\documents and settings\Psybernetic\Application Data\PnkBstrK.sys.vir file exist?
 
Hi,

Thanks for the submission.

There were several other .vir files in the quarantine folder. What should be done with them?
Click to expand...
We'll deal those later.


I missed Soulseek earlier. Please uninstall it too.

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Ignore::
c:\documents and settings\Psybernetic\Application Data\PnkBstrK.sys
DeQuarantine::
c:\qoobox\quarantine\c\documents and settings\Psybernetic\Application Data\PnkBstrK.sys.vir
Folder::
c:\documents and settings\Psybernetic\Application Data\uTorrent
c:\program files\Soulseek
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Soulseek\\slsk.exe"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 20.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
ComboFix
ComboFix 10-05-10.03 - Psybernetic 05/11/2010 5:23.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1099 [GMT -4:00]
Running from: c:\documents and settings\Psybernetic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Psybernetic\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Psybernetic\Application Data\uTorrent
c:\documents and settings\Psybernetic\Application Data\uTorrent\18488-utorrent.1641.dmp
c:\documents and settings\Psybernetic\Application Data\uTorrent\dht.dat
c:\documents and settings\Psybernetic\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Psybernetic\Application Data\uTorrent\Godspeed On The Devils Thunder.torrent
c:\documents and settings\Psybernetic\Application Data\uTorrent\resume.dat
c:\documents and settings\Psybernetic\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Psybernetic\Application Data\uTorrent\rnbAshley.avi.torrent
c:\documents and settings\Psybernetic\Application Data\uTorrent\rss.dat
c:\documents and settings\Psybernetic\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Psybernetic\Application Data\uTorrent\settings.dat
c:\documents and settings\Psybernetic\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Psybernetic\Application Data\uTorrent\utorrent.lng
c:\program files\Soulseek
c:\program files\Soulseek\attributes.cfg
c:\program files\Soulseek\attrstrings.cfg
c:\program files\Soulseek\autoaway.cfg
c:\program files\Soulseek\chatrooms.cfg
c:\program files\Soulseek\chatui.cfg
c:\program files\Soulseek\dlbans.cfg
c:\program files\Soulseek\extensions.cfg
c:\program files\Soulseek\hotlist.cfg
c:\program files\Soulseek\ignores.cfg
c:\program files\Soulseek\login.cfg
c:\program files\Soulseek\pchat.cfg
c:\program files\Soulseek\port.cfg
c:\program files\Soulseek\queue.cfg
c:\program files\Soulseek\queue2.cfg
c:\program files\Soulseek\rcmnd.cfg
c:\program files\Soulseek\save.cfg
c:\program files\Soulseek\search.cfg
c:\program files\Soulseek\shared.cfg
c:\program files\Soulseek\ticker.cfg
c:\program files\Soulseek\transfersview.cfg
c:\program files\Soulseek\ui.cfg
c:\program files\Soulseek\userinfo.cfg
c:\program files\Soulseek\usernotes.cfg
c:\program files\Soulseek\wishlist.cfg

.
((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 09:23 . 2010-05-11 09:23 22328 ----a-w- c:\documents and settings\Psybernetic\Application Data\PnkBstrK.sys
2010-05-09 16:16 . 2010-05-09 16:16 -------- d-----w- C:\Python26
2010-05-09 15:50 . 2010-05-09 15:50 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Blender Foundation
2010-05-09 15:50 . 2010-05-09 15:50 -------- d-----w- c:\program files\Blender Foundation
2010-05-07 18:22 . 2010-05-07 18:22 503808 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6016cd4d-n\msvcp71.dll
2010-05-07 18:22 . 2010-05-07 18:22 499712 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6016cd4d-n\jmc.dll
2010-05-07 18:22 . 2010-05-07 18:22 348160 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6016cd4d-n\msvcr71.dll
2010-05-07 18:22 . 2010-05-07 18:22 61440 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-55ec4db5-n\decora-sse.dll
2010-05-07 18:22 . 2010-05-07 18:22 12800 ----a-w- c:\documents and settings\Psybernetic\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-55ec4db5-n\decora-d3d.dll
2010-05-07 18:22 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-07 18:15 . 2010-05-07 18:15 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-07 18:15 . 2010-05-07 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2010-05-07 18:12 . 2004-03-13 11:43 135249 ----a-w- c:\windows\system32\hpzlnt10.dll
2010-05-07 18:11 . 2004-04-12 11:10 90112 ----a-r- c:\windows\system32\hpovst08.dll
2010-05-07 18:03 . 2010-05-07 18:23 104661 ----a-w- c:\windows\hpoins04.dat
2010-05-07 18:03 . 2004-06-21 10:14 17176 ------w- c:\windows\hpomdl04.dat
2010-05-07 02:14 . 2010-05-07 02:14 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-07 02:14 . 2010-05-07 02:11 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-07 02:14 . 2010-05-07 02:11 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-07 02:14 . 2008-04-22 06:08 123552 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-05-07 02:14 . 2008-03-05 22:22 122054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Player\DivXPlayerUninstall.exe
2010-05-07 02:13 . 2010-05-07 02:13 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-07 02:13 . 2008-04-22 06:08 123552 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Codec\DivXCodecUninstall.exe
2010-05-07 02:13 . 2010-05-07 02:13 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-07 02:13 . 2010-05-07 02:13 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-07 02:13 . 2010-05-07 02:13 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-07 02:13 . 2010-05-07 02:13 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-07 02:12 . 2010-05-07 02:12 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-07 02:11 . 2010-05-07 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-07 00:54 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-06 21:26 . 2010-05-06 21:26 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Windows Desktop Search
2010-05-06 20:39 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-04 22:51 . 2010-05-04 22:51 -------- d-----w- C:\Documents
2010-05-04 21:40 . 2010-05-04 22:09 -------- d-----w- c:\program files\NetBeans 6.8
2010-05-04 21:13 . 2010-05-04 23:12 -------- d-----w- C:\cygwin
2010-05-03 09:23 . 2010-05-03 09:23 3153 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2010-05-03 06:41 . 2010-05-04 05:30 -------- d-----w- c:\program files\sges-v3
2010-05-03 04:31 . 2010-05-03 04:32 -------- d-----w- c:\program files\ERUNT
2010-05-03 04:26 . 2010-05-03 04:26 -------- d-----w- c:\documents and settings\Psybernetic\Local Settings\Application Data\Cooliris
2010-05-03 04:25 . 2010-02-25 23:04 57856 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-05-03 04:25 . 2010-02-25 23:04 545280 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-05-03 04:25 . 2010-02-25 23:04 4689408 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-05-03 04:25 . 2010-02-25 23:04 425984 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-05-03 04:25 . 2010-02-25 23:04 153088 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-05-03 04:25 . 2010-02-25 23:04 103424 ----a-w- c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-05-02 17:50 . 2010-05-02 17:50 -------- d-----w- c:\documents and settings\Psybernetic\Local Settings\Application Data\Help
2010-04-30 05:51 . 2010-04-30 05:51 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-30 05:40 . 2010-04-30 05:40 388096 ----a-r- c:\documents and settings\Psybernetic\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-30 05:40 . 2010-04-30 05:40 -------- d-----w- c:\program files\TrendMicro
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\GNU
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\gnupg
2010-04-29 14:31 . 2010-05-11 09:07 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\gnupg
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\GNU
2010-04-29 14:31 . 2010-04-29 14:31 -------- d-----w- c:\program files\GNU
2010-04-29 06:50 . 2009-11-25 10:48 184320 ----a-w- c:\documents and settings\Psybernetic\Application Data\Thunderbird\Profiles\7blnaouh.default\extensions\{847b3a00-7ab1-11d4-8f02-006008948af5}\platform\WINNT_x86-msvc\components\enigmime-x86-msvc.dll
2010-04-29 05:59 . 2009-09-18 13:28 421888 ----a-w- c:\documents and settings\Psybernetic\Application Data\Thunderbird\Profiles\7blnaouh.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2010-04-29 05:04 . 2010-04-29 05:04 -------- d-----w- c:\documents and settings\Psybernetic\Local Settings\Application Data\Thunderbird
2010-04-29 05:04 . 2010-04-29 05:04 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Thunderbird
2010-04-29 01:17 . 2010-04-29 01:17 -------- d-----w- c:\program files\iPod
2010-04-29 01:13 . 2010-04-29 01:13 -------- d-----w- c:\program files\Bonjour
2010-04-29 01:11 . 2010-04-29 01:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 09:18 . 2007-10-25 18:57 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-11 03:37 . 2010-03-27 19:20 -------- d-----w- c:\program files\PeerBlock
2010-05-09 20:36 . 2010-02-16 21:11 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\vlc
2010-05-09 16:22 . 2008-10-21 22:25 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-08 05:49 . 2007-10-25 19:09 -------- d-----w- c:\program files\Warcraft III
2010-05-08 02:49 . 2007-10-31 08:27 -------- d-----w- c:\program files\Guild Wars
2010-05-07 18:22 . 2007-10-20 04:54 -------- d-----w- c:\program files\Common Files\Java
2010-05-07 18:22 . 2007-10-20 04:54 -------- d-----w- c:\program files\Java
2010-05-07 18:15 . 2009-10-30 04:04 -------- d-----w- c:\program files\HP
2010-05-07 18:09 . 2007-11-10 12:24 -------- d-----w- c:\program files\DivX
2010-05-07 02:12 . 2009-05-06 01:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-06 21:45 . 2007-10-25 23:18 -------- d-----w- c:\program files\Windows Desktop Search
2010-05-06 20:44 . 2008-03-08 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-03 09:22 . 2008-03-23 18:57 534904 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-05-03 06:09 . 2007-10-25 18:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-02 18:26 . 2008-02-28 00:40 -------- d-----w- c:\program files\EphPod
2010-05-02 17:50 . 2010-01-20 04:37 -------- d-----w- c:\program files\StarCraft
2010-04-29 02:55 . 2007-10-26 15:20 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\.purple
2010-04-29 01:18 . 2009-11-01 08:17 -------- d-----w- c:\program files\iTunes
2010-04-29 01:17 . 2007-10-25 19:10 -------- d-----w- c:\program files\Common Files\Apple
2010-04-10 15:41 . 2007-10-25 23:31 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\IGN_DLM
2010-04-10 15:30 . 2010-04-10 15:30 -------- d-----w- c:\program files\Download Manager
2010-04-10 07:13 . 2008-03-06 03:52 -------- d-----w- c:\program files\SystemRequirementsLab
2010-04-10 07:12 . 2010-04-10 07:12 85504 ----a-w- c:\documents and settings\Psybernetic\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-04-10 07:12 . 2008-03-06 03:52 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\SystemRequirementsLab
2010-04-09 03:15 . 2007-10-25 23:20 -------- d-----w- c:\program files\Electronic Arts
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 07:58 . 2010-01-27 02:21 -------- d-----w- c:\program files\Mass Effect 2
2010-04-07 03:56 . 2007-11-29 03:46 -------- d-----w- c:\program files\IncGamers Client
2010-04-03 23:23 . 2010-04-03 23:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23 . 2010-04-03 23:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23 . 2010-04-03 23:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23 . 2010-04-03 23:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23 . 2010-04-03 23:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22 . 2010-04-03 23:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 04:05 . 2010-04-03 04:05 915530 ----a-w- C:\appbckp2.reg
2010-04-03 04:05 . 2010-04-03 04:05 346 ----a-w- C:\appbckp1.reg
2010-04-02 20:54 . 2008-10-21 22:27 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-04-01 00:59 . 2010-04-01 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 00:56 . 2009-06-02 03:38 -------- d-----w- c:\program files\QuickTime
2010-03-29 01:59 . 2010-03-29 00:40 -------- d-----w- c:\program files\Dragon Age
2010-03-29 01:40 . 2009-11-05 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2010-03-29 00:59 . 2009-02-23 03:18 -------- d-----w- c:\program files\Common Files\BioWare
2010-03-28 21:50 . 2007-10-25 19:27 -------- d-----w- c:\program files\Lavasoft
2010-03-28 21:50 . 2010-03-28 21:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-28 21:50 . 2007-10-25 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-28 04:52 . 2007-10-25 19:12 122581 -c--a-w- c:\windows\War3Unin.dat
2010-03-27 06:13 . 2010-03-27 06:13 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\NVIDIA
2010-03-27 05:50 . 2008-08-31 02:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-27 05:39 . 2007-10-25 19:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-27 01:13 . 2007-12-11 09:18 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\dvdcss
2010-03-26 21:34 . 2009-01-19 10:30 -------- d-----w- c:\program files\CCleaner
2010-03-24 02:29 . 2010-03-24 02:29 1201 ----a-w- c:\documents and settings\Psybernetic\Application Data\.purple\certificates\x509\tls_peers\login.facebook.com
2010-03-24 02:29 . 2007-10-26 15:19 -------- d-----w- c:\program files\Pidgin
2010-03-24 00:41 . 2010-03-24 00:41 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DE032019-B933-4DF4-9174-48C52613DA13}
2010-03-24 00:41 . 2010-03-24 00:41 -------- d-----w- c:\program files\Stardock
2010-03-20 09:27 . 2010-03-20 09:27 -------- d-----w- c:\documents and settings\Psybernetic\Application Data\Command and Conquer 4
2010-03-20 01:52 . 2010-03-20 01:52 2145280 ----a-w- c:\windows\system32\python26.dll
2010-03-10 06:15 . 2004-08-11 21:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-26 01:23 . 2010-02-26 01:23 2157 ----a-w- c:\documents and settings\Psybernetic\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2010-02-25 06:24 . 2004-08-11 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-11 21:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-21 18:45 . 2007-10-20 04:42 305176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-18 06:25 . 2010-02-18 06:25 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-16 20:12 . 2010-02-16 20:12 12862 ----a-r- c:\documents and settings\Psybernetic\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2010-02-16 14:08 . 2004-08-11 21:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 02:59 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-11 21:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-11 21:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-05-09_16.45.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-11 09:16 . 2010-05-11 09:16 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat
+ 2010-05-09 17:00 . 2010-05-11 09:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-25 18:47 . 2010-05-11 09:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-25 18:47 . 2010-05-07 05:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-18 08:10 . 2010-05-09 21:53 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-02-18 08:10 . 2010-05-07 02:40 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2010-05-09 17:00 . 2010-05-11 09:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-01-19 77824]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2010-02-24 1771320]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 1524824]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PMX Daemon"="ICO.EXE" [2007-03-08 49152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2008-07-14 408088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 137752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Acrobat 8.1\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-6 813584]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-21 03:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 21:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre1.6.0_06\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_06\\jre\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\TlkEdit.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"c:\\Documents and Settings\\Psybernetic\\Local Settings\\Apps\\2.0\\E9LZ54J8.5V7\\3WNDY9LK.OWZ\\curs..tion_eee711038731a406_0004.0000_1430d97334050788\\CurseClient.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [1/23/2007 3:58 AM 133968]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
R2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [8/17/2008 4:40 AM 217088]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [10/20/2007 12:57 AM 2525720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/5/2010 8:02 PM 102448]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [4/24/2008 5:22 AM 115312]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [3/27/2010 3:20 PM 14424]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/26/2007 11:52 AM 685816]
S2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [4/12/2010 4:19 PM 242176]
S2 hpdj00;hpdj00;c:\docume~1\PSYBER~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio --> c:\docume~1\PSYBER~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1285864]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [1/23/2007 3:45 AM 42832]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 4:07 PM 25832]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2/16/2010 6:30 PM 48128]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
S3 shspusb;Samsung High Speed USB Driver disks;c:\windows\system32\DRIVERS\HSPUSB.sys --> c:\windows\system32\DRIVERS\HSPUSB.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{439113CE-2797-47E8-BA3D-03F300777207}]
2007-04-29 07:24 99960 ----a-w- c:\program files\Hummingbird\Connectivity\13.00\Accessories\HumSettings.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:24]

2010-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Psybernetic\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Psybernetic\Application Data\Mozilla\Firefox\Profiles\x6xr40ns.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\mozilla.org\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla.org\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla.org\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-11 05:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1319632398-1721202201-1800976716-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=

[HKEY_USERS\S-1-5-21-1319632398-1721202201-1800976716-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,9b,77,e2,45,16,83,de,c4,1b,5e,7f,ce,3d,ce,6b,d1,cf,f7,b9,64,af,a5,
2f,5e,85,5f,2c,9f,6b,a6,b8,fc,d6,6a,57,86,ba,8c,82,13,fe,5c,cb,9f,b7,02,8d,\
"??"=hex:b1,a4,78,21,28,c1,dc,09,78,f7,04,71,e1,18,cd,d3

[HKEY_USERS\S-1-5-21-1319632398-1721202201-1800976716-1005\Software\SecuROM\License information*]
"datasecu"=hex:80,26,1e,35,95,80,db,a6,e0,dd,0b,a1,0f,0c,d4,9e,e8,10,78,70,d4,
69,d9,d9,fb,7a,c1,58,02,40,70,8e,41,3f,7e,47,b5,71,91,ac,1d,8f,77,a3,6f,81,\
"rkeysecu"=hex:ea,49,9a,8c,77,23,c6,1b,d2,3a,4a,6e,79,a1,43,3f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\AlienGUIse\fastload.dll
.
Completion time: 2010-05-11 05:31:16
ComboFix-quarantined-files.txt 2010-05-11 09:31
ComboFix2.txt 2010-05-09 16:47
ComboFix3.txt 2010-05-07 05:22
ComboFix4.txt 2010-05-06 20:14
ComboFix5.txt 2010-05-11 09:19
C:\DeQuarantine.txt

Pre-Run: 36,286,828,544 bytes free
Post-Run: 36,244,635,648 bytes free

- - End Of File - - 1DF37745208C039981C7A5C24F08428C
Click to expand...

KAS.txt
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, May 11, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 11, 2010 09:04:01
Records in database: 4093911
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
G:\
W:\
X:\
Y:\
Z:\

Scan statistics:
Objects scanned: 203569
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 05:04:33


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A480000\4A49822E.VBN Infected: Backdoor.Win32.Hupigon.evdj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EEC0000\4FFCA18D.VBN Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EEC0001\4FFD3BD6.VBN Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1
C:\WINDOWS\system32\CloseApp.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.e 1

Selected area has been scanned.
Click to expand...
 
Hit the character limit.
dds.txt
DDS (Ver_10-03-17.01) - NTFSx86
Run by Psybernetic at 0:33:30.40 on Wed 05/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1147 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\java.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 8.1\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Psybernetic\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [DS3 Tool] c:\program files\motioninjoy\ds3\DS3_Tool.exe -mini
uRun: [ccleaner] "c:\program files\ccleaner\ccleaner.exe" /AUTO
uRun: [CursorFX] "c:\program files\stardock\cursorfx\CursorFX.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\acrobat 8.1\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\microsoft office\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\microsoft office\office12\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: WB - c:\program files\alienguise\fastload.dll
AppInit_DLLs: c:\windows\system32\wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {439113CE-2797-47E8-BA3D-03F300777207} - "c:\program files\hummingbird\connectivity\13.00\accessories\HumSettings.exe" INSTALL=ALL NoFreeWhenWOW64=1 LOGGINGLEVEL=5
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\psyber~1\applic~1\mozilla\firefox\profiles\x6xr40ns.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\psybernetic\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\psybernetic\application data\mozilla\firefox\profiles\x6xr40ns.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla.org\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla.org\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla.org\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla.org\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla.org\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla.org\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-1-23 133968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2010-4-12 242176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1285864]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 PS3 Media Server;PS3 Media Server;c:\program files\ps3 media server\win32\service\wrapper.exe [2008-8-17 217088]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-10-20 2525720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-5 102448]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2008-4-24 115312]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100511.003\naveng.sys [2010-5-11 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100511.003\navex15.sys [2010-5-11 1347504]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-3-27 14424]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 hpdj00;hpdj00;c:\docume~1\psyber~1\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=hp photosmart 2600 series -product=aio --> c:\docume~1\psyber~1\locals~1\temp\hpdj00.exe -servicerunning=true -uninstall=HP Photosmart 2600 series -product=aio [?]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-1-23 42832]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-2-16 48128]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
S3 shspusb;Samsung High Speed USB Driver disks;c:\windows\system32\drivers\hspusb.sys --> c:\windows\system32\drivers\HSPUSB.sys [?]
S4 vsdatant;vsdatant; [x]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-05-11 09:23:09 22328 ----a-w- c:\docume~1\psyber~1\applic~1\PnkBstrK.sys
2010-05-11 09:16:41 21 ----a-w- c:\windows\S.dirmngr
2010-05-09 16:40:12 0 d-sha-r- C:\cmdcons
2010-05-09 16:16:05 0 d-----w- C:\Python26
2010-05-09 15:50:19 0 d-----w- c:\docume~1\psyber~1\applic~1\Blender Foundation
2010-05-09 15:50:15 0 d-----w- c:\program files\Blender Foundation
2010-05-07 18:22:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-07 18:12:31 135249 ----a-w- c:\windows\system32\hpzlnt10.dll
2010-05-07 18:11:55 90112 ----a-r- c:\windows\system32\hpovst08.dll
2010-05-07 18:09:13 657 ----a-w- c:\windows\hpntwksetup.ini
2010-05-07 18:03:31 17176 ------w- c:\windows\hpomdl04.dat
2010-05-07 18:03:31 104661 ----a-w- c:\windows\hpoins04.dat
2010-05-07 02:11:11 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-05-07 00:54:02 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-05-07 00:54:01 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-06 21:26:20 0 d-----w- c:\docume~1\psyber~1\applic~1\Windows Desktop Search
2010-05-06 20:39:08 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-06 19:50:44 98816 ----a-w- c:\windows\sed.exe
2010-05-06 19:50:44 77312 ----a-w- c:\windows\MBR.exe
2010-05-06 19:50:44 256512 ----a-w- c:\windows\PEV.exe
2010-05-06 19:50:44 161792 ----a-w- c:\windows\SWREG.exe
2010-05-04 22:51:38 0 d-----w- C:\Documents
2010-05-04 22:48:14 36999 ----a-w- c:\documents and settings\psybernetic\peerblock.dmp
2010-05-04 21:40:10 0 d-----w- c:\program files\NetBeans 6.8
2010-05-04 21:13:14 0 d-----w- C:\cygwin
2010-05-03 09:23:21 33846 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.bmp
2010-05-03 09:23:21 3153 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2010-05-03 06:41:24 0 d-----w- c:\program files\sges-v3
2010-04-30 05:51:14 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-30 05:40:05 0 d-----w- c:\program files\TrendMicro
2010-04-29 14:31:44 0 d-----w- c:\docume~1\psyber~1\applic~1\gnupg
2010-04-29 14:31:43 0 d-----w- c:\docume~1\alluse~1\applic~1\GNU
2010-04-29 14:31:30 0 d-----w- c:\program files\GNU
2010-04-29 01:17:35 0 d-----w- c:\program files\iPod
2010-04-29 01:13:29 0 d-----w- c:\program files\Bonjour
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-04-20 18:08:24 222958020 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 14-08-24).dump
2010-04-20 18:02:51 19477596 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 14-02-51).dump
2010-04-20 17:57:18 236519688 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-57-18).dump
2010-04-20 17:56:29 12 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-56-29).dump
2010-04-20 17:55:42 10809948 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-55-42).dump
2010-04-20 17:53:37 129460692 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-53-37).dump
2010-04-20 17:52:11 23710872 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-52-11).dump
2010-04-20 17:49:58 167453472 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-49-58).dump
2010-04-20 17:30:46 36022872 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-30-46).dump
2010-04-20 17:27:54 35844348 ----a-w- C:\Star.Wars.Episode.3.Revenge.of.the.sith.PS2.NTSC.USA (2010-04-20 13-27-54).dump

==================== Find3M ====================

2010-05-03 09:22:53 534904 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 23:23:18 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-03 23:23:16 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-03 23:23:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-03 23:23:16 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 23:23:16 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-03 23:22:54 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 04:05:30 915530 ----a-w- C:\appbckp2.reg
2010-04-03 04:05:30 346 ----a-w- C:\appbckp1.reg
2010-04-02 20:54:38 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-28 23:58:53 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-28 04:52:35 122581 -c--a-w- c:\windows\War3Unin.dat
2010-03-20 01:52:08 2145280 ----a-w- c:\windows\system32\python26.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 13:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-16 04:50:23 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2008-07-06 02:38:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070520080706\index.dat

============= FINISH: 0:36:11.42 ===============
Click to expand...
 
Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/7/2005 11:24:05 AM
System Uptime: 5/12/2010 12:29:14 AM (0 hours ago)

Motherboard: Dell Inc. | | 0GM819
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | CPU | 2660/1333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 33.372 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
G: is CDROM ()
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 3/28/2010 10:10:54 PM - System Checkpoint
RP2: 3/30/2010 3:24:29 AM - System Checkpoint
RP3: 3/31/2010 4:07:45 AM - System Checkpoint
RP4: 4/1/2010 4:36:46 AM - System Checkpoint
RP5: 4/2/2010 5:21:14 AM - System Checkpoint
RP6: 4/3/2010 6:16:00 AM - System Checkpoint
RP7: 4/4/2010 6:16:59 AM - System Checkpoint
RP8: 4/5/2010 7:15:54 AM - System Checkpoint
RP9: 4/6/2010 8:15:54 AM - System Checkpoint
RP10: 4/6/2010 11:54:52 PM - Removed Command & Conquer™ 4 Tiberian Twilight
RP11: 4/6/2010 11:57:15 PM - Removed DK Optimize
RP12: 4/8/2010 4:05:05 AM - System Checkpoint
RP13: 4/9/2010 4:24:11 AM - System Checkpoint
RP14: 4/10/2010 5:06:18 AM - System Checkpoint
RP15: 4/10/2010 11:36:07 AM - Installed DirectX
RP16: 4/10/2010 12:29:47 PM - Removed Intel(R) Processor ID Utility
RP17: 4/11/2010 1:06:22 PM - System Checkpoint
RP18: 4/12/2010 1:07:25 PM - System Checkpoint
RP19: 4/13/2010 2:06:18 PM - System Checkpoint
RP20: 4/14/2010 3:07:26 PM - System Checkpoint
RP21: 4/15/2010 4:06:21 PM - System Checkpoint
RP22: 4/16/2010 4:07:25 PM - System Checkpoint
RP23: 4/17/2010 6:46:47 PM - System Checkpoint
RP24: 4/18/2010 10:08:07 PM - System Checkpoint
RP25: 4/19/2010 11:36:39 PM - System Checkpoint
RP26: 4/21/2010 12:22:40 AM - System Checkpoint
RP27: 4/22/2010 12:46:56 AM - System Checkpoint
RP28: 4/23/2010 1:24:02 AM - System Checkpoint
RP29: 4/24/2010 7:57:03 AM - System Checkpoint
RP30: 4/25/2010 8:45:51 AM - System Checkpoint
RP31: 4/26/2010 9:37:51 AM - System Checkpoint
RP32: 4/27/2010 10:38:59 AM - System Checkpoint
RP33: 4/28/2010 11:46:54 AM - System Checkpoint
RP34: 4/29/2010 12:23:33 PM - System Checkpoint
RP35: 4/30/2010 1:40:05 AM - Installed HiJackThis
RP36: 5/1/2010 2:48:04 AM - System Checkpoint
RP37: 5/2/2010 3:03:40 AM - System Checkpoint
RP38: 5/3/2010 9:09:08 AM - System Checkpoint
RP39: 5/4/2010 1:35:19 PM - System Checkpoint
RP40: 5/5/2010 2:02:54 PM - System Checkpoint
RP41: 5/6/2010 4:41:06 PM - Software Distribution Service 3.0
RP42: 5/6/2010 5:17:09 PM - Software Distribution Service 3.0
RP43: 5/6/2010 5:44:59 PM - Software Distribution Service 3.0
RP44: 5/7/2010 2:12:40 PM - Printer Driver HP Photosmart 2600 series Installed
RP45: 5/7/2010 2:17:35 PM - Printer Driver HP Photosmart 2600 series fax Installed
RP46: 5/7/2010 2:21:54 PM - Installed Java(TM) 6 Update 20
RP47: 5/7/2010 2:23:00 PM - Printer Driver HP remote printers Installed
RP48: 5/8/2010 2:59:12 PM - System Checkpoint
RP49: 5/9/2010 12:16:04 PM - Installed Python 2.6.5
RP50: 5/10/2010 12:59:25 PM - System Checkpoint

==== Installed Programs ======================

2600
2600_Help
2600Trb
7-Zip 4.65
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.2
Adobe Setup
Advanced Batch Converter
Age of Empires III - The WarChiefs
AiO_Scan
AiOSoftware
AlienGUIse Theme Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
Aspell German Dictionary-0.50-2
ATI - Software Uninstall Utility
AusLogics Disk Defrag
AutoUpdate
AviSynth 2.5
Blender (remove only)
Bonjour
BufferChm
CCleaner
CDBurnerXP
CDDRV_Installer
CDisplay 1.8
Choice Guard
Cole2k Media - Codec Pack (Advanced) 6.1.0
Combined Community Codec Pack 2009-09-09
Command & Conquer™ Red Alert™ 3
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Curse Client
CursorFX
dBpoweramp FLAC Codec
dBpoweramp m4a Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Windows Media Audio 10 Codec
DDS Converter 2.1
Dell ETS Factory Installation
Destinations
Dimension 4 v5.0
Director
DirectX for Managed Code Update (Summer 2004)
DivX Codec
DivX Converter
DivX Player
DivX Setup
DocProc
DocumentViewer
Download Manager 2.3.10
Dragon Age Awakening Redesigned
Dragon Age Awakening Velanna Redesigned©
Dragon Age: Origins
DVD Shrink 3.2
EA Download Manager
Earthsim
Electricsheep Screensaver 2.7b18
EphPod
erLT
ERUNT 1.1j
Fax
FileZilla 2.2.32
FMOD Programmers API Win32
FoxyTunes for Firefox
Game Maker 8.0
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GIMP 2.6.8
GlassFish V2 UR1
GNU Aspell 0.50-3
Gpg4win (2.0.2)
GTK+ Runtime 2.14.7 rev a (remove only)
Guild Wars
High Definition Audio Driver Package - KB835221
HiJackThis
HostExplorer 2008
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HPSystemDiagnostics
InstantShare
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PRO Alerting Agent
Intel(R) PRO Network Connections 12.1.12.4
Intel® Active Management Technology
Intel® Management Engine Interface
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java DB 10.4.2.1
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 14
Java(TM) SE Development Kit 6 Update 6
Junk Mail filter update
KeyScrambler
KhalInstallWrapper
Last.fm 1.5.4.24567
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 3.1 (Symantec Corporation)
Logitech SetPoint
Magic ISO Maker v5.5 (build 0272)
MagicDisc 2.7.105
Mass Effect 2
Medieval CUE Splitter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft WSE 3.0 Runtime
MIT Kerberos for Windows 3.2.0
MobileMe Control Panel
Monkey's Audio
MotioninJoy ds3 driver version 0.4.0002
Mouse Suite for Desktop Computers
Move Media Player
Mozilla Firefox (3.6.3)
Mozilla Thunderbird (3.0.4)
Mozilla Thunderbird 2.0.0.x
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NetBeans IDE 6.8
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Photoshop Plug-ins
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Overland
PCSX2 - Playstation 2 Emulator
Pcsx2 0.9.6
PeerBlock 1.0.0 (r181)
PhotoGallery
Pidgin
PowerDVD
PowerISO
PrintScreen
ProductContext
Python 2.5
Python 2.6.5
QFolder
QuickProjects
QuickTime
Readme
Real Alternative 1.8.0
Scan
SearchAssist
SecureCRT 5.5.1
SecureW2 TTLS Client 3.2.0 for Windows 2K/XP
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
SkinsHP1
Skype™ 4.1
Sonic Activation Module
SoundMAX
Spybot - Search & Destroy
SQL Server System CLR Types
StarCraft
Steam
Sun GlassFish Enterprise Server v2.1
Sun GlassFish Enterprise Server v3
Sun GlassFish Enterprise Server v3 Prelude
Sygate Personal Firewall
Symantec AntiVirus
System Requirements Lab
TBS WMP Plug-in
TES Construction Set
TortoiseSVN 1.5.0.13316 (32 bit)
TrayApp
Uniblue SpeedUpMyPC 2009
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Vampire - Bloodlines
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
Warcraft III: All Products
WebFldrs XP
WebReg
Windows Automatic Update Service (WAUS)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinPcap 4.1.1
wxPython 2.8.7.1 (ansi) for Python 2.5
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/7/2010 2:11:38 PM, error: PlugPlayManager [11] - The device Root\LEGACY_HPJMPR50\0000 disappeared from the system without first being prepared for removal.
5/7/2010 11:07:09 PM, error: System Error [1003] - Error code 10000050, parameter1 e8e5df08, parameter2 00000000, parameter3 bd1bdea6, parameter4 00000001.
5/7/2010 11:03:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
5/7/2010 11:02:31 PM, error: Service Control Manager [7000] - The hpdj00 service failed to start due to the following error: The system cannot find the file specified.
5/7/2010 1:19:48 AM, error: Service Control Manager [7031] - The PS3 Media Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/7/2010 1:15:28 AM, error: Service Control Manager [7034] - The DirMngr service terminated unexpectedly. It has done this 1 time(s).
5/6/2010 5:05:28 PM, error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
5/6/2010 5:05:28 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JOY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E77D028A-76B7-4915-9B4E. The master browser is stopping or an election is being forced.

==== End Of File ===========================
Click to expand...
 
Hi,

Uninstall old Adobe Reader versions and get the latest one (both 9.3 + update 9.3.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall these old Javas:
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 14
Java(TM) SE Development Kit 6 Update 6

How's the system running now?
 
You must log in or register to reply here.
Back
Top