Google links redirecting me to random sites (Resolved)

W

wickedliam

New member
Basically when I use google and search something and click a link, the majority of the time I get redirected to random sites.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:24, on 16/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Liam\AppData\Local\Temp\hggfg.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Liam\AppData\Local\Temp\urqoo.dll,c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.tryoutietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.tryoutietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A34BD35-EAF0-4A6B-87AA-CE4FB6B47EB8}: NameServer = 85.255.112.108
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13279 bytes
 
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Failure to reply within 5 days will result in the topic being closed.
  5. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly
laechel.gif


Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



REMOVE P2P PROGRAMS

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent DNA

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.

Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.


----------------------------------------------------------------------------------------
Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Please Download GMER to your desktop

Download GMER and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Liam at 2009-07-19 16:26:14
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 1 GB (1%) free of 106 GB
Total RAM: 1982 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:26:48, on 19/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Liam\Desktop\RSIT.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Liam.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3B7AAEB1-9F3D-4491-9C06-C7165CA8D058} - C:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [ICSDCLT] C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\Windows\system32\ssdpsrv.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Liam\AppData\Local\Temp\hggfg.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Liam\AppData\Local\Temp\urqoo.dll,c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.tryoutietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.tryoutietool.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A34BD35-EAF0-4A6B-87AA-CE4FB6B47EB8}: NameServer = 85.255.112.108
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.108,85.255.112.211
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13025 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AdwareAlert Scheduled Scan.job
C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3B7AAEB1-9F3D-4491-9C06-C7165CA8D058}]
C:\Program Files\Applications\iebt.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-03-12 372592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL [2009-03-12 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-08 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-05 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [2009-03-12 372592]
{B24BA06E-FB7B-4757-95C2-DC01125F750E} - RefresherBand Class - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL [2001-08-03 45056]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-03-29 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-03-06 180224]
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-11 317128]
"4oD"=C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"ICSDCLT"=C:\Windows\rundll32.exe C:\Windows\system32\icsdclt.dll,ICSClient []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-08 136600]
"PAC7302_Monitor"=C:\Windows\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"start"=C:\Program Files\Applications\iebtm.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
"MSServer"=C:\Users\Liam\AppData\Local\Temp\hggfg.dll,#1 []
"cmds"=C:\Users\Liam\AppData\Local\Temp\urqoo.dll,c []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-02-14 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-06-11 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Liam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{204f2460-f7ea-11dd-9b98-001b24cf0d54}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \SystemVolumeInformation\system.exe


======List of files/folders created in the last 3 months======

2009-07-19 16:01:51 ----D---- C:\rsit
2009-07-16 20:57:29 ----D---- C:\Program Files\iPod
2009-07-16 20:57:25 ----D---- C:\Program Files\iTunes
2009-07-16 20:54:36 ----SHD---- C:\Config.Msi
2009-07-16 14:49:04 ----D---- C:\Program Files\Trend Micro
2009-07-16 14:41:59 ----D---- C:\Windows\ERDNT
2009-07-15 22:59:41 ----D---- C:\Program Files\PFPortChecker
2009-07-14 23:49:30 ----D---- C:\Program Files\ERUNT
2009-07-02 23:32:59 ----D---- C:\Users\Liam\AppData\Roaming\fretsonfire
2009-07-02 23:32:27 ----D---- C:\Program Files\Frets on Fire
2009-06-22 18:38:22 ----A---- C:\Windows\ntbtlog.txt
2009-06-21 17:58:56 ----D---- C:\dvdsanta
2009-06-21 17:49:13 ----D---- C:\Users\Liam\AppData\Roaming\ImgBurn
2009-06-21 15:06:45 ----D---- C:\Program Files\ImgBurn
2009-06-13 20:49:23 ----A---- C:\Windows\system32\EncDec.dll
2009-06-13 20:49:21 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-09 21:45:46 ----A---- C:\Windows\system32\localspl.dll
2009-06-09 21:45:34 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-09 21:45:01 ----A---- C:\Windows\system32\mshtml.dll
2009-06-09 21:44:57 ----A---- C:\Windows\system32\ieframe.dll
2009-06-09 21:44:56 ----A---- C:\Windows\system32\urlmon.dll
2009-06-09 21:44:55 ----A---- C:\Windows\system32\wininet.dll
2009-06-09 21:44:55 ----A---- C:\Windows\system32\iertutil.dll
2009-06-09 21:44:55 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-09 21:44:54 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-09 21:44:53 ----A---- C:\Windows\system32\occache.dll
2009-06-09 21:44:53 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-09 21:44:53 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-09 21:44:51 ----A---- C:\Windows\system32\ieencode.dll
2009-06-09 21:44:50 ----A---- C:\Windows\system32\mstime.dll
2009-06-09 21:44:48 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-09 18:47:28 ----D---- C:\Program Files\Broadcom
2009-06-05 03:04:00 ----A---- C:\Windows\system32\infocardapi.dll
2009-06-05 03:03:58 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-05 03:03:53 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-06-05 03:03:53 ----A---- C:\Windows\system32\icardres.dll
2009-06-05 03:03:53 ----A---- C:\Windows\system32\icardagt.exe
2009-06-05 03:03:41 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-06-05 03:03:32 ----A---- C:\Windows\system32\PresentationHost.exe
2009-06-04 21:02:43 ----A---- C:\Windows\system32\nvusmb.exe
2009-06-04 21:00:55 ----D---- C:\NVIDIA
2009-06-04 20:32:26 ----A---- C:\Windows\system32\dfshim.dll
2009-06-04 20:32:17 ----A---- C:\Windows\system32\mscoree.dll
2009-06-04 20:32:16 ----A---- C:\Windows\system32\netfxperf.dll
2009-06-04 20:31:13 ----A---- C:\Windows\system32\mscorier.dll
2009-06-04 20:30:44 ----A---- C:\Windows\system32\mscories.dll
2009-06-02 21:57:29 ----D---- C:\Program Files\QuickTime
2009-05-29 16:40:19 ----D---- C:\Windows\system32\AGEIA
2009-05-29 16:40:18 ----D---- C:\Program Files\AGEIA Technologies
2009-05-29 16:38:35 ----D---- C:\Program Files\OpenAL
2009-05-29 16:38:34 ----A---- C:\Windows\system32\wrap_oal.dll
2009-05-29 16:38:34 ----A---- C:\Windows\system32\OpenAL32.dll
2009-05-29 13:36:16 ----A---- C:\Windows\system32\usbaaplrc.dll
2009-05-25 20:52:03 ----D---- C:\ProgramData\Sony Ericsson
2009-05-25 20:52:03 ----D---- C:\Program Files\Sony Ericsson
2009-05-18 19:21:35 ----D---- C:\Program Files\SSC Service Utility
2009-05-11 19:04:49 ----D---- C:\Program Files\YRefresher

======List of files/folders modified in the last 3 months======

2009-07-19 16:26:25 ----D---- C:\Windows\Temp
2009-07-19 16:26:15 ----D---- C:\ProgramData\Kontiki
2009-07-19 16:24:37 ----D---- C:\Program Files\SpeedBit Video Accelerator
2009-07-19 16:24:35 ----D---- C:\Windows\SMINST
2009-07-19 16:13:19 ----D---- C:\Windows\Prefetch
2009-07-19 15:57:17 ----RD---- C:\Program Files
2009-07-19 15:57:07 ----D---- C:\Program Files\BitTorrent
2009-07-18 20:47:45 ----D---- C:\Program Files\Mozilla Firefox
2009-07-18 13:13:25 ----D---- C:\Program Files\Steam
2009-07-18 13:01:59 ----D---- C:\Program Files\Common Files\Steam
2009-07-17 16:47:25 ----SHD---- C:\System Volume Information
2009-07-16 20:58:47 ----SHD---- C:\Windows\Installer
2009-07-16 20:57:28 ----D---- C:\Program Files\Common Files\Apple
2009-07-16 20:39:10 ----D---- C:\Windows\System32
2009-07-16 14:41:59 ----D---- C:\Windows
2009-07-15 20:04:01 ----D---- C:\Users\Liam\AppData\Roaming\Spotify
2009-07-11 22:58:50 ----D---- C:\Users\Liam\AppData\Roaming\BitTorrent
2009-07-09 22:27:52 ----D---- C:\Windows\inf
2009-07-09 22:27:52 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-07 15:19:20 ----D---- C:\Windows\system32\WDI
2009-07-07 11:21:23 ----D---- C:\Windows\system32\catroot2
2009-06-30 23:46:15 ----D---- C:\Users\Liam\AppData\Roaming\LimeWire
2009-06-25 12:37:44 ----D---- C:\Windows\system32\drivers
2009-06-24 14:04:17 ----D---- C:\Program Files\dvdSanta
2009-06-24 13:49:01 ----A---- C:\Windows\dvdSanta.INI
2009-06-24 12:30:45 ----D---- C:\TempDVD
2009-06-22 18:39:14 ----D---- C:\Windows\Minidump
2009-06-21 20:00:02 ----D---- C:\Windows\Tasks
2009-06-21 19:59:06 ----D---- C:\Windows\system32\Tasks
2009-06-18 09:15:46 ----RSD---- C:\Windows\Fonts
2009-06-14 15:00:00 ----D---- C:\Windows\Microsoft.NET
2009-06-14 14:59:23 ----RSD---- C:\Windows\assembly
2009-06-14 14:51:07 ----D---- C:\Windows\ehome
2009-06-14 13:18:59 ----SD---- C:\Windows\Downloaded Program Files
2009-06-14 10:51:26 ----D---- C:\Windows\winsxs
2009-06-14 10:50:26 ----D---- C:\ProgramData\Microsoft Help
2009-06-13 20:47:31 ----D---- C:\Windows\system32\catroot
2009-06-10 03:26:37 ----D---- C:\Program Files\Internet Explorer
2009-06-10 03:15:31 ----D---- C:\Program Files\Microsoft Works
2009-06-09 18:47:19 ----D---- C:\SwSetup
2009-06-09 18:28:24 ----D---- C:\Windows\Downloaded Installations
2009-06-08 18:21:47 ----D---- C:\Windows\rescache
2009-06-05 09:02:46 ----D---- C:\ProgramData\NVIDIA
2009-06-05 03:41:32 ----D---- C:\Windows\system32\XPSViewer
2009-06-05 03:41:32 ----D---- C:\Windows\system32\wbem
2009-06-05 03:41:32 ----D---- C:\Windows\system32\en-US
2009-06-05 03:35:36 ----D---- C:\Program Files\Common Files\microsoft shared
2009-06-05 03:17:29 ----A---- C:\Windows\win.ini
2009-06-05 03:17:28 ----D---- C:\Program Files\Common Files\System
2009-06-04 21:51:43 ----HD---- C:\ProgramData
2009-06-04 17:38:52 ----D---- C:\Program Files\Avanquest update
2009-06-01 17:51:12 ----A---- C:\Windows\system32\mrt.exe
2009-05-29 16:38:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-25 20:52:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-24 12:48:05 ----D---- C:\Users\Liam\AppData\Roaming\Mozilla
2009-05-14 03:01:46 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys [2009-03-12 258608]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys [2009-03-24 482352]
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-04-04 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090715.003\IDSvix86.sys [2009-07-11 293424]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1005000.087\SRTSP.SYS [2009-03-12 307760]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\Windows\system32\drivers\NIS\1005000.087\SRTSPX.SYS [2009-03-12 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-03-12 25136]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1005000.087\SYMTDI.SYS [2009-03-12 217392]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 tmcomm;tmcomm; \??\C:\Windows\system32\drivers\tmcomm.sys [2007-08-01 102664]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ARCSOFTVIRTUALCAPTURE;Magic-i Virtual Driver; C:\Windows\system32\DRIVERS\ArcSoftVirtualCapture.sys [2006-12-07 17024]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 182272]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-04 101936]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.020\NAVENG.SYS [2009-07-13 87888]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090718.020\NAVEX15.SYS [2009-07-13 875728]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-01-16 1032104]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-15 12032]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-03-24 124464]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW.SYS [2009-03-12 89776]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDISV.SYS [2009-03-12 39984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S2 sbbotdi;sbbotdi; \??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys []
S3 apgfh7bv;apgfh7bv; C:\Windows\system32\drivers\apgfh7bv.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-05-16 1207288]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-05-16 1207288]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 GT680x;GrandTechICNameNT; C:\Windows\System32\Drivers\gt680x.sys [2001-11-08 18120]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-02-22 159232]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 MotDev;Motorola Inc. USB Device; C:\Windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 PAC7302;PLEOMAX PWC-2100 Pleo Chat Cam; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-09-10 457984]
S3 QCMerced;Logitech QuickCam Express; C:\Windows\system32\DRIVERS\LVCM.sys [2002-09-20 472396]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS []
S3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 XDva207;XDva207; \??\C:\Windows\system32\XDva207.sys []
S3 XDva208;XDva208; \??\C:\Windows\system32\XDva208.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-15 61440]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 MgiSvr;MgiSvr; C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe [2006-11-13 76544]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-04-25 66872]
R2 VideoAcceleratorService;VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-10-18 292472]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-02-22 72704]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-07-09 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
 
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-19 17:31:07
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 87753CE8 ZwAlertResumeThread
SSDT 876CF068 ZwAlertThread
SSDT 877A2B70 ZwAllocateVirtualMemory
SSDT 875BE630 ZwAlpcConnectPort
SSDT 92570410 ZwAssignProcessToJobObject
SSDT 9257BAC0 ZwCreateMutant
SSDT 92583A00 ZwCreateSymbolicLinkObject
SSDT 8778FC80 ZwCreateThread
SSDT 9256F7E0 ZwDebugActiveProcess
SSDT 87DFF590 ZwDuplicateObject
SSDT 92572B90 ZwFreeVirtualMemory
SSDT 877A08B0 ZwImpersonateAnonymousToken
SSDT 877A0A58 ZwImpersonateThread
SSDT 875BE5B8 ZwLoadDriver
SSDT 925746D8 ZwMapViewOfSection
SSDT 92571E00 ZwOpenEvent
SSDT 923FD330 ZwOpenProcess
SSDT 8729B1C8 ZwOpenProcessToken
SSDT 925741F0 ZwOpenSection
SSDT 877548D0 ZwOpenThread
SSDT 92576538 ZwProtectVirtualMemory
SSDT 87808A30 ZwResumeThread
SSDT 876AA898 ZwSetContextThread
SSDT 92576A70 ZwSetInformationProcess
SSDT 92574BE0 ZwSetSystemInformation
SSDT 92572E00 ZwSuspendProcess
SSDT 87761110 ZwSuspendThread
SSDT 924805A0 ZwTerminateProcess
SSDT 92280DA0 ZwTerminateThread
SSDT 923FCC40 ZwUnmapViewOfSection
SSDT 92573F00 ZwWriteVirtualMemory
SSDT 92582F08 ZwCreateThreadEx

INT 0x51 ? 84818BF8
INT 0x52 ? 8637CC98
INT 0x82 ? 84817BF8
INT 0x92 ? 84818BF8
INT 0x93 ? 8637CC98

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 824FE914 8 Bytes CALL EAD75E55
.text ntkrnlpa.exe!KeSetTimerEx + 364 824FE928 4 Bytes [70, 2B, 7A, 87] {JO 0x2d; JP 0xffffffffffffff8b}
.text ntkrnlpa.exe!KeSetTimerEx + 370 824FE934 4 Bytes [30, E6, 5B, 87]
.text ntkrnlpa.exe!KeSetTimerEx + 3C4 824FE988 4 Bytes [10, 04, 57, 92] {ADC [EDI+EDX*2], AL; XCHG EDX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 428 824FE9EC 4 Bytes [C0, BA, 57, 92]
.text ...
? System32\Drivers\spmi.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8837346F 3 Bytes JMP 8637C278
.text USBPORT.SYS!DllUnload + 4 88373473 1 Byte [FE]
.text apgfh7bv.SYS 8D905000 22 Bytes [26, A2, 41, 82, 10, A1, 41, ...]
.text apgfh7bv.SYS 8D905017 159 Bytes [00, 32, 87, B0, 82, 3D, 85, ...]
.text apgfh7bv.SYS 8D9050B7 22 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text apgfh7bv.SYS 8D9050CE 80 Bytes [00, 00, 26, 00, 00, 00, E0, ...]
.text apgfh7bv.SYS 8D90511F 194 Bytes [7E, 38, 40, 39, 82, 3B, C4, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4264] kernel32.dll!GetConsoleScreenBufferInfoEx + EB 773F30BE 7 Bytes JMP 05EE0034
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxIndirectParamW 7773BD25 5 Bytes JMP 6E7D5BD3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxParamW 77751FD5 5 Bytes JMP 6E7D5B5D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxParamA 777780B2 5 Bytes JMP 6E7D5B98 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!DialogBoxIndirectParamA 777783DD 5 Bytes JMP 6E7D5C0E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxIndirectA 7778D471 5 Bytes JMP 6E7D5B19 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxIndirectW 7778D56B 5 Bytes JMP 6E7D5AD5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxExA 7778D5D1 5 Bytes JMP 6E7D5A9B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] USER32.dll!MessageBoxExW 7778D5F5 5 Bytes JMP 6E7D5A61 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] ole32.dll!CoGetClassObject 77806120 5 Bytes JMP 05EE013F
.text C:\Program Files\Internet Explorer\iexplore.exe[4264] ole32.dll!CoCreateInstanceEx 7781E1CB 5 Bytes JMP 05EE00B8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82A026D2] \SystemRoot\System32\Drivers\spmi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82A02040] \SystemRoot\System32\Drivers\spmi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82A027FC] \SystemRoot\System32\Drivers\spmi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82A020BE] \SystemRoot\System32\Drivers\spmi.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82A0213C] \SystemRoot\System32\Drivers\spmi.sys
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortNotification] F73BFF33
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortWritePortUchar] B85F0B75
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortWritePortUlong] FFFFFFFE
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 08C25D5E
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 5D8B5300
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortGetScatterGatherList] 74DF3B0C
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortReadPortUchar] 01FB8311
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortStallExecution] 5F5B0C74
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortGetParentBusType] FFFFFEB8
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortRequestCallback] C25D5EFF
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7E390008
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortGetUnCachedExtension] C7077524
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortCompleteRequest] 31642446
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortMoveMemory] 7E398D91
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] C7077528
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 31902846
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 468B8D91
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortReadPortUshort] 244E8B2C
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7468016A
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortInitialize] 500000FA
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortGetDeviceBase] C73BD1FF
IAT \SystemRoot\System32\Drivers\apgfh7bv.SYS[ataport.SYS!AtaPortDeviceStateChange] 5F5B0C75
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82A11D92] \SystemRoot\System32\Drivers\spmi.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [019E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [019E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [019E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[940] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [019E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00992F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00992D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00992CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1164] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00992CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[1980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00302F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[1980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00302D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[1980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00302CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehtray.exe[1980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00302CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe[2244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe[2244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe[2244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe[2244] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [018B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [018B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [018B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [018B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[2460] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2852] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00292F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2852] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00292D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2852] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00292CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2852] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00292CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00382D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2884] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[2992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[2992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[2992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe[2992] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hp\QuickPlay\QPService.exe[3020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hp\QuickPlay\QPService.exe[3020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hp\QuickPlay\QPService.exe[3020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hp\QuickPlay\QPService.exe[3020] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00212F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00212D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00212CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00212CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [001C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [001C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [001C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\Dwm.exe[3392] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [001C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3428] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3484] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00822F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3484] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00822D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3484] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00822CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\taskeng.exe[3484] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00822CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74BC7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74C098C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74BCD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74BBF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74BC7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74BBE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74BFB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74BCD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74BC012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74BC0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74BB71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C4D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74BE75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74BBDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74BB668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74BB66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74BC1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01792F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01792D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01792CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3512] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01792CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [000C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [000C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [000C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\System32\rundll32.exe[3564] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [000C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\PixArt\PAC7302\Monitor.exe[3688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\PixArt\PAC7302\Monitor.exe[3688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\PixArt\PAC7302\Monitor.exe[3688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\PixArt\PAC7302\Monitor.exe[3688] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4264] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4400] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00152F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4400] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00152D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4400] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00152CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\ehome\ehmsas.exe[4400] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00152CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Liam\Desktop\gmer.exe[5596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [002B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Liam\Desktop\gmer.exe[5596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [002B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Liam\Desktop\gmer.exe[5596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [002B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Liam\Desktop\gmer.exe[5596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [002B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 851B41F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8481A1F8
Device \Driver\usbohci \Device\USBPDO-0 8642B1F8
Device \Driver\usbehci \Device\USBPDO-1 864061F8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCI_PNP6434 \Device\00000062 spmi.sys
Device \Driver\nvstor32 \Device\00000070 851B31F8
Device \Driver\volmgr \Device\HarddiskVolume1 8481A1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8481A1F8
Device \Driver\cdrom \Device\CdRom0 86451500
Device \Driver\cdrom \Device\CdRom1 86451500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 851B21F8
Device \Driver\atapi \Device\Ide\IdePort0 851B21F8
Device \Driver\atapi \Device\Ide\IdePort1 851B21F8
Device \Driver\netbt \Device\NetBt_Wins_Export 872BB500
Device \Driver\Smb \Device\NetbiosSmb 875821F8
Device \Driver\nvstor32 \Device\RaidPort0 851B31F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\iScsiPrt \Device\RaidPort1 86540418

AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbohci \Device\USBFDO-0 8642B1F8
Device \Driver\usbehci \Device\USBFDO-1 864061F8
Device \Driver\sptd \Device\3679178441 spmi.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{5A34BD35-EAF0-4A6B-87AA-CE4FB6B47EB8} 872BB500
Device \Driver\apgfh7bv \Device\Scsi\apgfh7bv1Port4Path0Target0Lun0 8644D4E0
Device \Driver\apgfh7bv \Device\Scsi\apgfh7bv1 8644D4E0
Device \FileSystem\cdfs \Cdfs 849431F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0x1A 0xD4 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x21 0x5B 0xE1 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xA9 0x7D 0xCB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x23 0x1A 0xD4 0x33 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x21 0x5B 0xE1 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x18 0xA9 0x7D 0xCB ...

---- EOF - GMER 1.0.15 ----
 
Step 1

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
C:\Windows\system32\ssdpsrv.exe
Click Submit/Send File

When the scan has finished, you can copy the URL from the browser address window and paste it in your reply.

If Virustotal is too busy please try Jotti


----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If requested, please reboot
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Step 3


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Click to expand...

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
  • Virus Total results
  • MalwareBytes Log
  • Combofix Log
  • Contents of C:\RSIT\Info.txt
  • How are things running now ?
 
The item you requested to be scanned was no longer on my machine after the malwarebytes scan.


Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6001 Service Pack 1

20/07/2009 12:14:31
mbam-log-2009-07-20 (12-14-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 323218
Time elapsed: 2 hour(s), 37 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 6
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\SSDPSRV (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.108,85.255.112.211 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5a34bd35-eaf0-4a6b-87aa-ce4fb6b47eb8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.108 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.108,85.255.112.211 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5a34bd35-eaf0-4a6b-87aa-ce4fb6b47eb8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.108 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.108,85.255.112.211 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5a34bd35-eaf0-4a6b-87aa-ce4fb6b47eb8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.108 -> Quarantined and deleted successfully.

Folders Infected:
C:\Users\Liam\AppData\Roaming\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\Users\Liam\AppData\Roaming\adwarealert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\Users\Liam\AppData\Roaming\adwarealert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Liam\AppData\Roaming\adwarealert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\Users\Liam\AppData\Roaming\adwarealert\Log\2008 Jul 29 - 11_57_28 AM_326.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
c:\Users\Liam\AppData\Roaming\adwarealert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\ssdpsrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Liam\Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Liam\Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Liam\Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Liam\Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\Windows\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Quarantined and deleted successfully.
 
info.txt logfile of random's system information tool 1.06 2009-07-19 16:02:48

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Magic-i 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94B11F6-EDA8-466D-9E0F-5D49DED06FA0}\Setup.exe" -l0x9
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\Setup.exe" -l0x9
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Boilsoft Video Joiner 5.32-->"C:\Program Files\Boilsoft Video Joiner\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\DXM51.INF,Uninstall.NT
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD2one V2.3.0-->C:\Program Files\DVD2one V2\uninst.exe
dvdSanta 4.50-->"C:\Program Files\dvdSanta\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner-->C:\Windows\system32\OnlineScannerUninstaller.exe
ESU for Microsoft Vista-->MsiExec.exe /I{68471BF2-F1F7-4C89-BBBA-400B94996596}
Frets On Fire-->"C:\Program Files\Frets on Fire\Uninstall.exe"
Gabbasoft Cube Demo-->MsiExec.exe /X{E6B4523B-A47C-4DBA-918C-D9E220B3F4EC}
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HouseCall 6.6-->"C:\Users\Liam\AppData\Roaming\HouseCall 6.6\uninstaller.exe"
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP DVD Play 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Photosmart Essential 2.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.20 D3-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0041-->MsiExec.exe /I{AF0B98A9-F7E2-4FF5-88C7-7960EB91752B}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
ijji - Gunz-->C:\Program Files\ijji\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Messenger Plus! Live-->"C:\Program Files\Windows Live\Messenger\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PUBLISHERR /dll OSETUP.DLL
Microsoft Office Publisher 2007-->MsiExec.exe /X{91120000-0019-0000-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 To Ringtone Gold 5.50-->"C:\Program Files\AnMing\unins000.exe"
MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.5.0.135\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Outspark Sharp Launcher-->MsiExec.exe /X{B5560986-7A6A-4CCA-A808-853D2CED3796}
Pacific Poker-->C:\PROGRA~1\PACIFI~1\UNWISE.EXE C:\PROGRA~1\PACIFI~1\INSTALL.LOG
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PFPortChecker 1.0.28-->C:\Program Files\PFPortChecker\uninst.exe
PLEOMAX PWC-2100 Pleo Chat Cam -->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{73C2BB36-ABE5-4E02-A043-E6C0F91A3E2C} /l1033
PSP Video 9 4.04-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
PunkBuster Services-->C:\Windows\system32\pbsvc[1].exe -u
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SmartClose 1.1-->"C:\Program Files\SmartClose\unins000.exe"
Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0009 -removeonly
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
SpeedBit Video Accelerator-->C:\PROGRA~1\SPEEDB~1\UNWISE.EXE C:\PROGRA~1\SPEEDB~1\INSTALL.LOG
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
SSC Service Utility v4.30-->"C:\Program Files\SSC Service Utility\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TVUPlayer 2.3.4.1-->C:\Program Files\TVUPlayer\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0019-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Videora iPod classic Converter 4.06-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yrefresher 1.00-->"C:\Program Files\YRefresher\unins000.exe"

======Security center information======

AS: Windows Defender
AS: AdwareAlert (disabled)

======System event log======

Computer Name: Liam-PC
Event Code: 10010
Message: The server {6295DF2D-35EE-11D1-8707-00C04FD93327} did not register with DCOM within the required timeout.
Record Number: 180291
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090718194549.000000-000
Event Type: Error
User:

Computer Name: Liam-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x1'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 180292
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090718194550.000000-000
Event Type: Warning
User:

Computer Name: Liam-PC
Event Code: 6008
Message: The previous system shutdown at 14:41:28 on 19/07/2009 was unexpected.
Record Number: 180330
Source Name: EventLog
Time Written: 20090719144408.000000-000
Event Type: Error
User:

Computer Name: Liam-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 180335
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090719144412.636311-000
Event Type: Error
User:

Computer Name: Liam-PC
Event Code: 4321
Message: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.2.3. The computer with the IP address 192.168.2.100 did not allow the name to be claimed by this computer.
Record Number: 180339
Source Name: netbt
Time Written: 20090719144436.253711-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Liam-PC
Event Code: 1000
Message: Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x3030302e, process id 0x3dc, application start time 0x01ca0282746aed14.
Record Number: 48012
Source Name: Application Error
Time Written: 20090711235113.000000-000
Event Type: Error
User:

Computer Name: Liam-PC
Event Code: 508
Message: Windows (2144) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 61636608 (0x0000000003ac8000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (12137 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 48034
Source Name: ESENT
Time Written: 20090715185700.000000-000
Event Type: Warning
User:

Computer Name: Liam-PC
Event Code: 4007
Message: The Windows logon process has failed to disconnect the user session.
Record Number: 48212
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090718162236.000000-000
Event Type: Warning
User:

Computer Name: Liam-PC
Event Code: 508
Message: Windows (2096) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 61612032 (0x0000000003ac2000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (12185 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 48213
Source Name: ESENT
Time Written: 20090718194550.000000-000
Event Type: Warning
User:

Computer Name: Liam-PC
Event Code: 508
Message: wuaueng.dll (1184) SUS20ClientDataStore: A request to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" at offset 104960 (0x0000000000019a00) for 512 (0x00000200) bytes succeeded, but took an abnormally long time (62002 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 48217
Source Name: ESENT
Time Written: 20090719130514.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: Liam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 39324
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719150243.572235-000
Event Type: Audit Failure
User:

Computer Name: Liam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 39325
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719150243.650234-000
Event Type: Audit Failure
User:

Computer Name: Liam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 39326
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719150243.728233-000
Event Type: Audit Failure
User:

Computer Name: Liam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 39327
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719150243.806232-000
Event Type: Audit Failure
User:

Computer Name: Liam-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 39328
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719150243.884231-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"USERPART"=E:
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
 
ComboFix 09-07-19.04 - Liam 20/07/2009 12:45.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1982.1195 [GMT 1:00]
Running from: c:\users\Liam\Desktop\ComboFix.exe
SP: AdwareAlert *disabled* (Updated) {0C87582F-EF6F-462B-8409-4995FF854620}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-372054243-2330875446-1311136529-500
c:\$recycle.bin\S-1-5-21-3992053318-3343961037-2673301764-500
c:\users\Liam\Documents\msnmsgr.exe
c:\users\Liam\eula.txt
c:\windows\Installer\12b010ea.msp
c:\windows\system32\ammppg.dll
c:\windows\system32\KBL.LOG

.
((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.

2009-07-20 10:45 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090719.024\NAVENG.SYS
2009-07-20 10:45 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090719.024\NAVEX15.SYS
2009-07-20 10:45 . 2009-04-04 09:04 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090719.024\EECTRL.SYS
2009-07-20 10:45 . 2009-04-04 09:04 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090719.024\ECMSVR32.DLL
2009-07-20 10:45 . 2009-04-04 09:04 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090719.024\CCERASER.DLL
2009-07-20 10:45 . 2009-04-04 09:04 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090719.024\NAVENG32.DLL
2009-07-20 10:45 . 2009-04-04 09:04 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090719.024\NAVEX32A.DLL
2009-07-20 10:45 . 2009-04-04 09:04 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090719.024\ERASER.SYS
2009-07-19 21:58 . 2009-07-19 21:58 -------- d-----w- c:\users\Liam\AppData\Roaming\Malwarebytes
2009-07-19 21:58 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 21:58 . 2009-07-19 21:58 -------- d-----w- c:\programdata\Malwarebytes
2009-07-19 21:58 . 2009-07-19 21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 21:58 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 15:01 . 2009-07-19 15:02 -------- d-----w- C:\rsit
2009-07-17 18:22 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-17 18:22 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-17 18:22 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-17 18:22 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-17 18:22 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-16 19:57 . 2009-07-16 19:57 -------- d-----w- c:\program files\iPod
2009-07-16 19:57 . 2009-07-16 19:57 -------- d-----w- c:\program files\iTunes
2009-07-16 19:52 . 2009-07-16 19:52 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-16 13:49 . 2009-07-16 13:49 -------- d-----w- c:\program files\Trend Micro
2009-07-15 21:59 . 2009-07-15 21:59 -------- d-----w- c:\program files\PFPortChecker
2009-07-15 10:38 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys
2009-07-15 10:38 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys
2009-07-15 10:38 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\Scxpx86.dll
2009-07-15 10:38 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSxpx86.dll
2009-07-15 10:38 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSviA64.sys
2009-07-14 22:49 . 2009-07-14 22:49 -------- d-----w- c:\program files\ERUNT
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-02 22:32 . 2009-07-02 22:34 -------- d-----w- c:\users\Liam\AppData\Roaming\fretsonfire
2009-07-02 22:32 . 2009-07-02 22:32 -------- d-----w- c:\program files\Frets on Fire
2009-06-21 16:58 . 2009-06-24 13:04 -------- d-----w- C:\dvdsanta
2009-06-21 16:49 . 2009-06-21 16:57 -------- d-----w- c:\users\Liam\AppData\Roaming\ImgBurn
2009-06-21 14:06 . 2009-06-21 14:07 -------- d-----w- c:\program files\ImgBurn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 11:55 . 2008-01-28 18:39 -------- d-----w- c:\programdata\Kontiki
2009-07-20 11:19 . 2009-06-04 20:51 142112 ----a-w- c:\programdata\nvModes.dat
2009-07-20 11:18 . 2008-10-18 20:20 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-07-20 11:14 . 2008-11-03 14:40 -------- d-----w- c:\program files\Applications
2009-07-19 14:57 . 2008-07-04 18:31 -------- d-----w- c:\program files\BitTorrent
2009-07-18 12:35 . 2009-02-09 19:55 1 ----a-w- c:\users\Liam\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-18 12:13 . 2007-12-25 18:15 -------- d-----w- c:\program files\Steam
2009-07-18 12:01 . 2007-12-25 18:15 -------- d-----w- c:\program files\Common Files\Steam
2009-07-16 19:57 . 2008-05-06 18:26 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 19:04 . 2009-04-16 14:28 -------- d-----w- c:\users\Liam\AppData\Roaming\Spotify
2009-07-11 21:58 . 2008-01-01 23:20 -------- d-----w- c:\users\Liam\AppData\Roaming\BitTorrent
2009-06-30 22:46 . 2008-12-08 22:01 -------- d-----w- c:\users\Liam\AppData\Roaming\LimeWire
2009-06-24 13:04 . 2008-12-08 18:41 -------- d-----w- c:\program files\dvdSanta
2009-06-18 10:26 . 2007-12-25 07:53 131528 ----a-w- c:\users\Liam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-14 09:50 . 2007-11-01 13:08 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 21:52 . 2009-06-11 21:52 1915520 ----a-w- c:\users\Liam\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-10 02:15 . 2007-11-01 13:06 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 17:47 . 2009-06-09 17:47 -------- d-----w- c:\program files\Broadcom
2009-06-09 17:28 . 2008-03-11 16:40 10134 ----a-r- c:\users\Liam\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-06-05 08:02 . 2008-03-10 16:46 -------- d-----w- c:\programdata\NVIDIA
2009-06-04 18:21 . 2007-12-25 10:50 142112 ----a-w- c:\users\Liam\AppData\Roaming\nvModes.dat
2009-06-04 16:38 . 2008-01-14 21:04 -------- d-----w- c:\program files\Avanquest update
2009-06-02 20:58 . 2009-06-02 20:57 -------- d-----w- c:\program files\QuickTime
2009-05-29 15:40 . 2009-05-29 15:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-29 15:38 . 2008-04-14 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-29 15:38 . 2009-05-29 15:38 -------- d-----w- c:\program files\OpenAL
2009-05-29 15:38 . 2009-05-29 15:38 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-29 15:38 . 2009-05-29 15:38 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-29 12:36 . 2009-05-29 12:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 12:36 . 2009-05-29 12:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-25 19:52 . 2009-05-25 19:52 -------- d-----w- c:\programdata\Sony Ericsson
2009-05-25 19:52 . 2009-05-25 19:52 -------- d-----w- c:\program files\Sony Ericsson
2009-05-25 19:52 . 2007-11-01 12:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-30 12:37 . 2009-06-13 19:49 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-13 19:49 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 18:10 . 2009-04-17 10:56 34 ----a-w- c:\users\Liam\jagex_runescape_preferences.dat
2009-04-24 16:05 . 2009-06-09 20:44 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-09 20:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-09 20:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-09 20:45 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-09 20:45 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-14 19:47 . 2009-05-24 11:46 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Liam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2F9854F3-AC38-4486-AE5C-E87A73EA7415}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3678B8CA-D23D-4F12-8A9D-9F5B84014CDB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CCA5CED6-67CF-47B1-ADB1-FB73210513FC}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A93F5935-1EF5-4F1C-BACF-6EE8E5A5CD76}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CC91A3FA-74C1-4F59-926D-72E812045EF4}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{B971F4C6-5BEB-404D-A79D-AF78A842CD83}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{B8DA921D-E1CB-40A9-A549-FFCC3A0A768C}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{6CE74DFF-4DC1-4999-8155-87C6EB77ED03}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{01A55B4E-7193-471A-8CD5-FA83CB343826}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{0009A439-7B0C-4D67-9471-7BF1DFB6B3C6}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{460D55FE-BF87-41B1-AEEE-68695FADDE16}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0E6030B2-45FB-46D4-91FE-CDB9555E59C6}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6F6A0710-0A41-4A05-A285-C8B60A7CA368}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{92E805AA-A9D9-40E1-940C-C8B446E5BEC7}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DF7F33BC-3F59-44AB-8EDF-80453A39BDBF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DBAE5092-94E6-47F1-9119-3A66B996EB85}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A1837AA8-D4F6-4122-9D76-56FAA7DF3591}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D89ECC13-9D1F-4BD6-ACB4-1F06CB85914F}"= UDP:c:\program files\WarRock\WRLauncher.exe:War Rock
"{0E424058-9EDB-4466-B534-5271F41B2B55}"= TCP:c:\program files\WarRock\WRLauncher.exe:War Rock
"{BC54951D-9808-495B-A6F5-7771BA75F84D}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo
"{D2A148E4-07EE-420C-96CC-C9678D0D90ED}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo
"TCP Query User{111C1AB7-E027-40A4-BF1C-66FAB6C1C9EE}c:\\program files\\warrock\\system\\warrock.exe"= UDP:c:\program files\warrock\system\warrock.exe:WarRock
"UDP Query User{669747FB-67ED-47E3-B233-7B23F7ED24EC}c:\\program files\\warrock\\system\\warrock.exe"= TCP:c:\program files\warrock\system\warrock.exe:WarRock
"{2C495F18-67A6-4C26-8D12-223DBD6AF326}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{225135D3-5018-4970-9B9F-17128305B0C3}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{DB7E5DCE-0816-4B04-8E6D-942A304972F9}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{E6167A23-54B3-4103-9E6B-6B95B09F73F1}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{BE92A758-4D3A-44F2-B538-2267EB7F424E}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{318C4DBD-1F0C-4002-B642-96E99D79A887}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{7CD14C86-47D5-45D6-B171-17F3CEEFD37D}"= UDP:c:\program files\WarRock\WRUpdater.exe:WRUpdater
"{DA700DF3-B65D-44C5-B281-3BF637692A96}"= TCP:c:\program files\WarRock\WRUpdater.exe:WRUpdater
"{C54F5CCB-CA4D-4F6E-9DD1-E8684D2ADC3F}"= UDP:5340:warrock1
"{A9EF007B-2403-40AF-B5C1-13AA261F92C0}"= UDP:5350:warrock2
"{538359DD-3E0A-4DF8-AA87-2751ED2EF9B0}"= TCP:5340:warrock1-
"{08541AD8-ED52-48C8-9176-1D35E26EA28B}"= TCP:5350:warrock2-
"{EC9BFDD3-88B6-426B-AA96-3719D0807223}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{3958148B-4CC2-4AEF-94F9-32205EAC2712}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{98AD21F9-523D-482E-BFD5-6ACA750F5E2E}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"UDP Query User{6A1AED19-77BE-44B7-A8B4-92ECBE534771}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"TCP Query User{3BCDA863-BDC0-411B-A567-3AC9E8934917}c:\\program files\\ijji\\gunz\\gunz.exe"= UDP:c:\program files\ijji\gunz\gunz.exe:Gunz
"UDP Query User{10E65A74-22BD-4795-87C2-F4B4BDEFEFCF}c:\\program files\\ijji\\gunz\\gunz.exe"= TCP:c:\program files\ijji\gunz\gunz.exe:Gunz
"TCP Query User{11238811-1357-4351-9841-32F47A46BF83}c:\\program files\\steam\\steamapps\\boom_headshot92\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\boom_headshot92\counter-strike source\hl2.exe:hl2
"UDP Query User{FA6553BC-615F-41FA-85F0-60D6CB3C6BB7}c:\\program files\\steam\\steamapps\\boom_headshot92\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\boom_headshot92\counter-strike source\hl2.exe:hl2
"TCP Query User{5690BF13-1631-4704-ACBA-990CF0B82211}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{2A0BEABB-0427-47F4-A1C5-2418E77F0DDA}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{FEAC0024-48C2-42D1-B5FB-FCBDAF8B2754}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A4F1DA50-3489-452F-8753-84D1C8714A55}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{88EADD12-4ED1-4E1E-96EB-CF6CD1D35DF5}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{3C2FA847-4030-478A-B57B-43FB596CFBEE}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{28F5AFBF-7CA7-46EA-9630-E0C6356FFB7F}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{EB303942-F161-44B7-AB4D-EBEC4A53423C}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{5F432A92-3206-4A13-966B-FE45D601B2CB}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{56427B38-0ECA-4FA5-9400-7073972B91B0}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"TCP Query User{965766B2-CC02-446D-8FEB-2C211DAF15F9}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{FE5A61D7-95E9-4C72-ABD8-48A145968E50}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{903FA4B5-8717-49EE-A947-B7E5038EF053}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{1E695FAB-33AA-4853-A5FE-0F5992C68482}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{3F435204-0C0A-4C86-897A-BED348706E24}"= UDP:c:\program files\Outspark\Blackshot\System\BlackShot.exe:BlackShot
"{D3CAC5B2-3FF1-4C2F-A580-C1A2526D072B}"= TCP:c:\program files\Outspark\Blackshot\System\BlackShot.exe:BlackShot
"{7F467080-7AE3-4AEF-9C1F-A9D10A34F30E}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{0CA2BFD6-9062-4099-97DD-5D894F967C00}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{B8245A3D-3115-448C-9C70-CEBC006C47E2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9221FB9B-AC0A-46EA-B389-E17A8C3F6DDA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F364E0D4-1637-4E85-B707-23962E28FA16}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B99D147D-ACF1-4718-966F-40AC5E3C8CC8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{20A3FAA0-6571-4075-9B1B-3A55FD28D00F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A9477FF6-1F88-47AA-A793-4FED4D4B7BB2}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{058BA2B7-1A84-476C-B0DE-52452ED89294}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{68B1F231-7BF7-4F31-B594-EC99AB1FB6A5}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{7570F2E7-7D97-4C28-BF08-514646117380}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{32DDAAD6-E56C-420B-9E63-15CFA991762A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{87C4FDD4-1BBF-47BF-95C7-E7837FE04D7D}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{16630E4D-8A45-4BB0-94F0-7A8BEE5533C4}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{66BD5FED-547A-4B78-9138-BA26E03799A7}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{98E14509-25A2-44ED-B808-906783D23615}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"TCP Query User{EA3B91C1-741B-4186-A4C8-98E7E76CB3FE}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{8034258D-17BF-43BB-8EAE-6C96F5475F84}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"{722BA519-F706-439F-835D-AD6449E74D42}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{66B0D315-0C4D-4DA2-8920-1640ED788825}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B59346AC-ADA9-4975-867B-1687B09670C8}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{A3CBC77E-40D1-46FF-8816-C50BF545A8F2}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{B9D2DA88-9278-4E30-A8C3-88C533597028}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{317CCB46-2E7C-4E6D-BF4A-C79B5B315786}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{7F53FD7B-1336-4AB1-8093-B2FF9D8502FE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D3312698-DAF5-49A0-8A53-67F8FCADEAD7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{07FF5332-54CB-4830-9F3C-761E63C79501}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{4F368DEC-85B7-4430-8347-C99FF5317029}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{5DBA1D18-0C5D-4AC9-AC76-E8B88F2E4997}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{482208A3-AFEE-4858-AF50-D6E9D743DA18}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [24/03/2009 22:03 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [24/03/2009 22:03 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [24/03/2009 22:02 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys [17/07/2009 19:22 293424]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [24/03/2009 22:02 115560]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/04/2009 15:42 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [24/03/2009 22:03 39984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 18:41 42112]
S3 PAC7302;PLEOMAX PWC-2100 Pleo Chat Cam;c:\windows\System32\drivers\PAC7302.SYS [10/09/2007 09:50 457984]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ICSDCLT - c:\windows\rundll32.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = localhost
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\p9wrxmke.default\
FF - prefs.js: browser.startup.homepage - www.soccermanager.com
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 12:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-20 13:00
ComboFix-quarantined-files.txt 2009-07-20 12:00

Pre-Run: 7,095,271,424 bytes free
Post-Run: 6,643,359,744 bytes free

338 --- E O F --- 2009-06-14 09:51




At the moment, the problem seems to have been fixed.
 
Information
The item you requested to be scanned was no longer on my machine after the malwarebytes scan.
Click to expand...
That's why I asked you to do it in Step 1 before the MalwareBytes scan in Step 2

"EnableLUA"= 0 (0x0)
Click to expand...
You appear to have disabled UAC, I strongly recommend that you re-enable it as soon as possible.

Please can you give me details of Spotify, it appears to be some form of P2P program.


----------------------------------------------------------------------------------------
Step 1

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
  • Kaspersky log
  • Info on Spotify
 
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 22, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 22, 2009 12:46:06
Records in database: 2513408
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 212137
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 05:08:50

No malware has been detected. The scan area is clean.

The selected area was scanned.



Spotify is a legal program that enables people to listened to streamed music which is put on the program by the company. Although it is P2P, it is a legal program and does not involve the downloading of anything else other than the program, no music files are downloaded.
 
wickedliam said:
Spotify is a legal program that enables people to listened to streamed music which is put on the program by the company. Although it is P2P, it is a legal program and does not involve the downloading of anything else other than the program, no music files are downloaded.
Click to expand...

Thanks for that info.


----------------------------------------------------------------------------------------
Step 1

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    File::
Folder::
c:\Program Files\BitTorrent
c:\users\Liam\AppData\Roaming\BitTorrent
c:\users\Liam\AppData\Roaming\LimeWire
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CC91A3FA-74C1-4F59-926D-72E812045EF4}"=-
"{B971F4C6-5BEB-404D-A79D-AF78A842CD83}"=-
"{B8DA921D-E1CB-40A9-A549-FFCC3A0A768C}"=-
"{6CE74DFF-4DC1-4999-8155-87C6EB77ED03}"=-
"{EC9BFDD3-88B6-426B-AA96-3719D0807223}"=-
"{3958148B-4CC2-4AEF-94F9-32205EAC2712}"=-
"{7F467080-7AE3-4AEF-9C1F-A9D10A34F30E}"=-
"{0CA2BFD6-9062-4099-97DD-5D894F967C00}"=-
"{20A3FAA0-6571-4075-9B1B-3A55FD28D00F}"=-
"{A9477FF6-1F88-47AA-A793-4FED4D4B7BB2}"=-
"TCP Query User{87C4FDD4-1BBF-47BF-95C7-E7837FE04D7D}c:\\program files\\limewire\\limewire.exe"=-
"UDP Query User{16630E4D-8A45-4BB0-94F0-7A8BEE5533C4}c:\\program files\\limewire\\limewire.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
ADS::
  • Save this as CFScript.txt and place it on your desktop.


    CFScriptb.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
  • Combofix Log
  • How are things running now ?



---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) . ( don't install it yet )
  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) .
If any of the following programs are still listed there, click on the program to highlight it, and click on remove.
  • Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Reader 8.1.2

    Java(TM) 6 Update 11
    Java(TM) 6 Update 7
Now close the Control Panel.
 
Yeh I just realised that I'd made the most epic fail not noticing the second page :D was about to go to the waiting room thread and say that I'd just realised :D My mistake :)
 
ComboFix 09-07-19.04 - Liam 26/07/2009 18:59.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1982.1220 [GMT 1:00]
Running from: c:\users\Liam\Desktop\ComboFix.exe
Command switches used :: c:\users\Liam\Desktop\CFScript.txt
SP: AdwareAlert *disabled* (Updated) {0C87582F-EF6F-462B-8409-4995FF854620}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitTorrent
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\users\Liam\AppData\Roaming\BitTorrent
c:\users\Liam\AppData\Roaming\BitTorrent\02-Crack The Skye.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\2009 - Common Dreads.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\9.0 Live.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Act A Fool.mp3.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Act A Fool.mp3.2.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Act A Fool.mp3.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Adrenalin_2_2009.TS.ELEKTRI4KA.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\alfie boe - onward.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\American Pie 1.2.3.4.5.6[1999-2007]XviD.NeRoZ.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\American Pie 1.2.3.4.5.6[1999-2007]XviD.NeRoZ.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Arctic Monkeys - Favourite Worst Nightmare 2007 (full album).torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Atreyu-Lead_Sails_Paper_Anchor-2007-C4.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Atreyu-Lead_Sails_Paper_Anchor-2007-C4.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Avenged Sevenfold Discography [MP3-320] [h33t] [Louder Than Love].torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Avenged Sevenfold Live in the LBC.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\bittorrent.lng
c:\users\Liam\AppData\Roaming\BitTorrent\Boat Trip Unrated 2002 DvDrip[Eng]-greenbud1969.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Bring Me The Horizon - Suicide Season.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Bullet For My Valentine - Hearts Burst Into Fire (2008) [Mp3][www.zonatorrent.com].torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com].iso.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Cancer Bats - Hail Destroyer.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Coheed And Cambria.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\DevilDriver - Pray For Villains (2009).torrent
c:\users\Liam\AppData\Roaming\BitTorrent\DevilDriver.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\dht.dat
c:\users\Liam\AppData\Roaming\BitTorrent\dht.dat.old
c:\users\Liam\AppData\Roaming\BitTorrent\Dream Theater Discography.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Duffy - Rockferry [2008][CD+2 SkidVid_XviD+Cov]192Kbps.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\DvD Santa 5.8.4 Full + Crack.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Dvd Santa v 4.5 Blackcat.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\DVDSanta v4.50 Cracked.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\DvdSanta_4.5.rar.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family Guy - Season 5.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family Guy - Season 7.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family Guy Season 4 - Complete.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family Guy Season 6.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family Guy Seasons 1-7.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E01.PDTV.XviD-ETACH.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E02.READNFO.PDTV.XviD-SYS.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E03.PDTV.XviD-LOL.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E04.PDTV.XviD-2HD.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E05.PDTV.XviD-LOL.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E06.PDTV.XviD-LOL.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E07.PDTV.XviD-LOL.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E08.PDTV.XviD-LOL.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E09.PDTV.XviD-LOL.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E10.PDTV.XviD-LOL.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Family.Guy.S07E11.PDTV.XviD-LOL.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Fear Factory.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Five Finger Death Punch.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Gojira Discography.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Guitar Hero World Tour Soundtrack 192kbs+.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Helter Skelter Vs Raindance Present Rave Nation The Anthems [3CD] [2007] [320kbps] (elmarko99).torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Helter Skelter Vs Raindance Rave Nation 3cd's (widgetzone.co.uk).torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Heroes - Season 1 - DVD-rip.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Heroes Season 1 Complete-Xvid-MFG.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\inbetweeners.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Indestructible.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Indestructible.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Invaders_Must_Die.mp3.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Invaders_Must_Die.mp3.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Jack Johnson.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Jack_Johnson-Sleep_Through_The_Static-(Deluxe_Edition)-2CD-2008-EON.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Kings Of Leon - Only By The Night[2008][MP3@320kbps]-antecho.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Knowing.DVDRip.XviD-DiAMOND.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Knowing.DVDRip.XviD-DiAMOND.2.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Knowing.DVDRip.XviD-DiAMOND.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\KoRn.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Lamb Of God-Wrath.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Lamb_of_God-New_American_Gospel-(Reissue)-2006-BUTT.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Lil Jon Ft. Three 6 Mafia- Act A Fool.mp3.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Lil Jon Ft. Three 6 Mafia- Act A Fool.mp3.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Linkin Park - Minutes To Midnight [2007][CD+SkidVid+Cov].torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head - The Blackening.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head - The Blackening.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head - Through the Ashes of Empires [2003] - Zz.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head.2.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head.3.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head.4.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head.5.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head.6.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head.7.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Machine Head.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Mastodon.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Metallica - Discography 1983-2008 (19 Albums, 23 CDs).torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Meteora.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Mission Impossible 2.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Mission Impossible III(2006)DVDrip(AC3-5.1)- keltz.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Mission Impossible(1996)DVDrip(AC3-5.1)- keltz.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Mission Impossible(1996)DVDrip(AC3-5.1)- keltz.2.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Mission Impossible(1996)DVDrip(AC3-5.1)- keltz.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Mission.Impossible.2.DVDRip.XviD-W.A.L.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Mission.Impossible.2.DVDRip.XviD-W.A.L.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Nightwish- Dark Passion Play.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Office 2007.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\OFFICE07_ENTERPRISE.iso.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Onward.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Pendulum-In_Silico-2008-DV8.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Portable Microsoft Office 2007 Enterprise.exe.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Quarantine.2008.DvDRip-FxM.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Queen discography (MP3@320Kbps).1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Queen discography (MP3@320Kbps).torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Queen.Sheer Heart Attack.1974.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\resume.dat
c:\users\Liam\AppData\Roaming\BitTorrent\resume.dat.old
c:\users\Liam\AppData\Roaming\BitTorrent\roadrunner united-the concert.avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\rss.dat
c:\users\Liam\AppData\Roaming\BitTorrent\rss.dat.old
c:\users\Liam\AppData\Roaming\BitTorrent\Saw.5[2008][Unrated.Edition]DvDrip-aXXo.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\settings.dat
c:\users\Liam\AppData\Roaming\BitTorrent\settings.dat.old
c:\users\Liam\AppData\Roaming\BitTorrent\Shooter[2007]DvDrip[Eng]-aXXo.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Slipknot-Vol_3-(The_Subliminal_Verses)-2004-RNS.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\SLIPKNOT - DISCOGRAPHY [CHANNEL NEO].1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\SLIPKNOT - DISCOGRAPHY [CHANNEL NEO].torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Slipknot - Vol 3 (The Subliminal Verses) - 2004.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Slipknot.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Sniper [1993]DVDRip[Xvid AC3[2ch]-RoCK&BlueLadyRG..avi.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Sniper.DVDRip.Xvid.1993-tots.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Static-X - discography (6 studio albums).torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Stone Sour - 2002 - Stone Sour.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Stone_Sour-Come_What(Ever)_May-(Special_Edition)-2007-uF.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Sylosis - Conclusion of an Age (2008).torrent
c:\users\Liam\AppData\Roaming\BitTorrent\The All Star Sessions.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\The Hoosiers - The Trick To Life.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\The Script - We Cry.mp3.1.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\The Script - We Cry.mp3.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\The Sniper[2009]DVDrip[Zho]+Eng hardsub -alwaysontop.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\The.Script.The Script.2008.320kbps.mp3.nikita.rar.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Transformers[2007]DvDrip[Eng]-aXXo.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Transporter.3[2008]DvDrip-aXXo.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Trivium - Shogun [Special Edition (2008)].torrent
c:\users\Liam\AppData\Roaming\BitTorrent\U2 - Discography [VBR-Extreme] {iMog}.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\VA - Ministry Of Sound Anthems (1991-2008) [Mp3][www.zonatorrent.com].rar.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\VA.-.Ministry.Of.Sound.Saturday.Night.Club.Classics.3CDs.(2009).Dance.LanzamientosMp3.es.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Valkyrie[2008]DvDrip[Eng]-FXG.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Vol 3 (The Subliminal Verses).torrent
c:\users\Liam\AppData\Roaming\BitTorrent\Vol. 3- The Subliminal Verses.torrent
c:\users\Liam\AppData\Roaming\BitTorrent\xXx State of the Union [2005]DVDRip[Xvid AC3[5.1]-RoCK&BlueLadyRG.avi.torrent
c:\users\Liam\AppData\Roaming\LimeWire
c:\users\Liam\AppData\Roaming\LimeWire\bugs.data
c:\users\Liam\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Liam\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Liam\AppData\Roaming\LimeWire\downloads.dat
c:\users\Liam\AppData\Roaming\LimeWire\fileurns.bak
c:\users\Liam\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Liam\AppData\Roaming\LimeWire\filters.props
c:\users\Liam\AppData\Roaming\LimeWire\gnutella.net
c:\users\Liam\AppData\Roaming\LimeWire\installation.props
c:\users\Liam\AppData\Roaming\LimeWire\library.dat
c:\users\Liam\AppData\Roaming\LimeWire\limewire.props
c:\users\Liam\AppData\Roaming\LimeWire\mojito.props
c:\users\Liam\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Liam\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Liam\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Liam\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Liam\AppData\Roaming\LimeWire\questions.props
c:\users\Liam\AppData\Roaming\LimeWire\responses.cache
c:\users\Liam\AppData\Roaming\LimeWire\simpp.xml
c:\users\Liam\AppData\Roaming\LimeWire\spam.dat
c:\users\Liam\AppData\Roaming\LimeWire\tables.props
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
c:\users\Liam\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
c:\users\Liam\AppData\Roaming\LimeWire\ttrees.cache
c:\users\Liam\AppData\Roaming\LimeWire\ttroot.cache
c:\users\Liam\AppData\Roaming\LimeWire\version.xml
c:\users\Liam\AppData\Roaming\LimeWire\versions.props
c:\users\Liam\AppData\Roaming\LimeWire\xml\data\audio.sxml2

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 09:23 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090725.020\NAVENG.SYS
2009-07-26 09:23 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090725.020\NAVEX15.SYS
2009-07-26 09:23 . 2009-04-04 09:04 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090725.020\NAVENG32.DLL
2009-07-26 09:23 . 2009-04-04 09:04 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090725.020\NAVEX32A.DLL
2009-07-26 09:23 . 2009-04-04 09:04 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090725.020\EECTRL.SYS
2009-07-26 09:23 . 2009-04-04 09:04 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090725.020\ECMSVR32.DLL
2009-07-26 09:23 . 2009-04-04 09:04 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090725.020\CCERASER.DLL
2009-07-26 09:23 . 2009-04-04 09:04 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090725.020\ERASER.SYS
2009-07-24 22:22 . 2009-07-26 17:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-24 22:22 . 2009-07-24 22:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-21 14:05 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 14:05 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-21 14:05 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-21 14:05 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-19 21:58 . 2009-07-19 21:58 -------- d-----w- c:\users\Liam\AppData\Roaming\Malwarebytes
2009-07-19 21:58 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 21:58 . 2009-07-19 21:58 -------- d-----w- c:\programdata\Malwarebytes
2009-07-19 21:58 . 2009-07-19 21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 21:58 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 15:01 . 2009-07-19 15:02 -------- d-----w- C:\rsit
2009-07-17 18:22 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-17 18:22 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-17 18:22 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-17 18:22 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-17 18:22 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-16 19:57 . 2009-07-16 19:57 -------- d-----w- c:\program files\iPod
2009-07-16 19:57 . 2009-07-16 19:57 -------- d-----w- c:\program files\iTunes
2009-07-16 19:52 . 2009-07-16 19:52 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-16 13:49 . 2009-07-16 13:49 -------- d-----w- c:\program files\Trend Micro
2009-07-15 21:59 . 2009-07-15 21:59 -------- d-----w- c:\program files\PFPortChecker
2009-07-15 10:38 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys
2009-07-15 10:38 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys
2009-07-15 10:38 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\Scxpx86.dll
2009-07-15 10:38 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSxpx86.dll
2009-07-15 10:38 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSviA64.sys
2009-07-14 22:49 . 2009-07-14 22:49 -------- d-----w- c:\program files\ERUNT
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-02 22:32 . 2009-07-02 22:34 -------- d-----w- c:\users\Liam\AppData\Roaming\fretsonfire
2009-07-02 22:32 . 2009-07-02 22:32 -------- d-----w- c:\program files\Frets on Fire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 18:11 . 2008-01-28 18:39 -------- d-----w- c:\programdata\Kontiki
2009-07-26 17:47 . 2009-06-04 20:51 142112 ----a-w- c:\programdata\nvModes.dat
2009-07-26 17:47 . 2008-10-18 20:20 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-07-26 01:56 . 2009-07-26 01:56 1317 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\tmpa39.tmp\cur.scr
2009-07-24 17:22 . 2008-03-09 20:19 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-22 02:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-22 02:07 . 2007-11-01 13:08 -------- d-----w- c:\programdata\Microsoft Help
2009-07-20 11:14 . 2008-11-03 14:40 -------- d-----w- c:\program files\Applications
2009-07-18 12:35 . 2009-02-09 19:55 1 ----a-w- c:\users\Liam\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-18 12:13 . 2007-12-25 18:15 -------- d-----w- c:\program files\Steam
2009-07-18 12:01 . 2007-12-25 18:15 -------- d-----w- c:\program files\Common Files\Steam
2009-07-16 19:57 . 2008-05-06 18:26 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 19:04 . 2009-04-16 14:28 -------- d-----w- c:\users\Liam\AppData\Roaming\Spotify
2009-06-24 13:04 . 2008-12-08 18:41 -------- d-----w- c:\program files\dvdSanta
2009-06-21 16:57 . 2009-06-21 16:49 -------- d-----w- c:\users\Liam\AppData\Roaming\ImgBurn
2009-06-21 14:07 . 2009-06-21 14:06 -------- d-----w- c:\program files\ImgBurn
2009-06-18 10:26 . 2007-12-25 07:53 131528 ----a-w- c:\users\Liam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 21:52 . 2009-06-11 21:52 1915520 ----a-w- c:\users\Liam\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-10 02:15 . 2007-11-01 13:06 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 17:47 . 2009-06-09 17:47 -------- d-----w- c:\program files\Broadcom
2009-06-09 17:28 . 2008-03-11 16:40 10134 ----a-r- c:\users\Liam\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-06-05 08:02 . 2008-03-10 16:46 -------- d-----w- c:\programdata\NVIDIA
2009-06-04 18:21 . 2007-12-25 10:50 142112 ----a-w- c:\users\Liam\AppData\Roaming\nvModes.dat
2009-06-04 16:38 . 2008-01-14 21:04 -------- d-----w- c:\program files\Avanquest update
2009-06-02 20:58 . 2009-06-02 20:57 -------- d-----w- c:\program files\QuickTime
2009-05-29 15:40 . 2009-05-29 15:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-29 15:38 . 2008-04-14 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-29 15:38 . 2009-05-29 15:38 -------- d-----w- c:\program files\OpenAL
2009-05-29 15:38 . 2009-05-29 15:38 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-29 15:38 . 2009-05-29 15:38 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-29 12:36 . 2009-05-29 12:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 12:36 . 2009-05-29 12:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-04-30 12:37 . 2009-06-13 19:49 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-13 19:49 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 19:47 . 2009-05-24 11:46 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-20_11.54.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-21 14:05 . 2009-06-15 14:58 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\lpk.dll
+ 2009-07-21 14:05 . 2009-06-15 14:58 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\fontsub.dll
+ 2009-07-21 14:05 . 2009-06-15 14:58 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\dciman32.dll
+ 2009-07-21 14:05 . 2009-06-15 12:45 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\atmlib.dll
+ 2009-07-21 14:05 . 2009-06-15 14:52 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\lpk.dll
+ 2009-07-21 14:05 . 2009-06-15 14:52 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\fontsub.dll
+ 2009-07-21 14:05 . 2009-06-15 14:51 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\dciman32.dll
+ 2009-07-21 14:05 . 2009-04-11 06:28 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\atmlib.dll
+ 2009-07-21 14:05 . 2009-06-15 15:22 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\lpk.dll
+ 2009-07-21 14:05 . 2009-06-15 15:20 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\fontsub.dll
+ 2009-07-21 14:05 . 2009-06-15 15:19 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\dciman32.dll
+ 2009-07-21 14:05 . 2009-06-15 15:19 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\atmlib.dll
+ 2008-06-05 16:53 . 2008-01-19 07:34 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\lpk.dll
+ 2009-07-21 14:05 . 2009-06-15 15:20 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\fontsub.dll
+ 2009-07-21 14:05 . 2009-06-15 15:20 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\dciman32.dll
+ 2006-11-02 08:38 . 2006-11-02 09:46 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\atmlib.dll
+ 2009-07-21 14:05 . 2009-06-15 15:04 24064 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\lpk.dll
+ 2009-07-21 14:05 . 2009-06-15 15:03 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\fontsub.dll
+ 2009-07-21 14:05 . 2009-06-15 15:02 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\dciman32.dll
+ 2009-07-21 14:05 . 2009-06-15 15:02 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\atmlib.dll
+ 2009-07-21 14:05 . 2009-06-15 15:23 24064 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\lpk.dll
+ 2009-07-21 14:05 . 2009-06-15 15:22 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\fontsub.dll
+ 2009-07-21 14:05 . 2009-06-15 15:21 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\dciman32.dll
+ 2009-07-21 14:05 . 2009-06-15 15:20 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\atmlib.dll
+ 2007-11-01 12:07 . 2009-07-26 17:49 66486 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-26 17:49 96788 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-25 07:45 . 2009-07-26 17:49 17144 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-372054243-2330875446-1311136529-1000_UserData.bin
- 2007-12-25 07:39 . 2009-07-20 11:21 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-25 07:39 . 2009-07-26 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-25 07:39 . 2009-07-26 17:47 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-25 07:39 . 2009-07-20 11:21 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-25 07:39 . 2009-07-26 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-25 07:39 . 2009-07-20 11:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-14 02:05 . 2009-06-14 09:49 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 35088 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-05-14 02:05 . 2009-06-14 09:49 18704 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-05-14 02:05 . 2009-06-14 09:49 20240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-03 12:13 . 2009-06-10 02:17 35088 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-11-03 12:13 . 2009-07-22 02:07 35088 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-03 12:13 . 2009-06-10 02:17 18704 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-11-03 12:13 . 2009-07-22 02:07 18704 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-03 12:13 . 2009-06-10 02:17 20240 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-11-03 12:13 . 2009-07-22 02:07 20240 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-10-26 20:09 . 2006-10-26 20:09 48448 c:\windows\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.4518\PUBTRAP.DLL
+ 2009-07-26 17:46 . 2009-07-26 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-20 11:18 . 2009-07-20 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-26 17:46 . 2009-07-26 17:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-20 11:18 . 2009-07-20 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-21 14:05 . 2009-06-15 12:45 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\atmfd.dll
+ 2009-07-21 14:05 . 2009-06-15 12:42 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\atmfd.dll
+ 2009-07-21 14:05 . 2009-06-15 12:56 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\atmfd.dll
+ 2009-07-21 14:05 . 2009-06-15 12:52 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\atmfd.dll
+ 2009-07-21 14:05 . 2009-06-15 12:53 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\atmfd.dll
+ 2009-07-21 14:05 . 2009-06-15 13:03 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\atmfd.dll
+ 2009-07-21 14:05 . 2009-06-15 15:00 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.22152_none_b7fc28a4355e72c9\t2embed.dll
+ 2009-07-21 14:05 . 2009-06-15 14:53 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18051_none_b7718b8f1c41b9a8\t2embed.dll
+ 2009-07-21 14:05 . 2009-06-15 15:26 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.22450_none_b613b6283839eaf7\t2embed.dll
+ 2009-07-21 14:05 . 2009-06-15 15:24 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18272_none_b57678331f2ab896\t2embed.dll
+ 2009-07-21 14:05 . 2009-06-15 15:09 156160 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.21067_none_b4297fd83b155d73\t2embed.dll
+ 2009-07-21 14:05 . 2009-06-15 15:29 156160 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16870_none_b38e38f92205f4f7\t2embed.dll
+ 2008-06-05 21:42 . 2009-07-26 17:39 542440 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 12:47 . 2009-07-22 02:14 452472 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2009-06-21 19:27 452472 c:\windows\System32\FNTCACHE.DAT
- 2009-05-14 02:05 . 2009-06-14 09:49 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 888080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-05-14 02:05 . 2009-06-14 09:49 272648 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-05-14 02:05 . 2009-06-14 09:49 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 922384 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-05-14 02:05 . 2009-06-14 09:49 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 845584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-05-14 02:05 . 2009-06-14 09:49 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 217864 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-05-14 02:05 . 2009-06-14 09:49 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 184080 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-05-14 02:05 . 2009-06-14 09:49 159504 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-11-03 12:13 . 2009-07-22 02:07 272648 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-03 12:13 . 2009-06-10 02:17 272648 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-03 12:13 . 2009-06-10 02:17 217864 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-03 12:13 . 2009-07-22 02:07 217864 c:\windows\Installer\{91120000-0019-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-07-21 14:05 . 2009-06-17 08:02 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22160_none_f4b74f0181eee730\OESpamFilter.dat
+ 2009-07-21 14:05 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18056_none_f43e83de68c3c37f\OESpamFilter.dat
+ 2009-07-21 14:05 . 2009-06-17 07:30 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22459_none_f2e4af9f84b85a2a\OESpamFilter.dat
+ 2009-07-21 14:05 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18278_none_f24470cc6babdbc4\OESpamFilter.dat
+ 2009-07-21 14:05 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21074_none_f0e3a5eb87a6b883\OESpamFilter.dat
+ 2009-07-21 14:05 . 2009-06-17 07:36 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16876_none_f05c31926e871825\OESpamFilter.dat
- 2006-11-02 10:22 . 2009-06-14 13:51 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-07-22 02:26 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-05-26 17:54 . 2009-05-26 17:54 4192768 c:\windows\Installer\85257f2.msp
+ 2009-07-02 15:23 . 2009-07-02 15:23 5027328 c:\windows\Installer\85257c1.msp
- 2009-05-14 02:05 . 2009-06-14 09:49 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 1172240 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-05-14 02:05 . 2009-07-22 02:06 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2009-05-14 02:05 . 2009-06-14 09:49 1165584 c:\windows\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-03-03 20:02 . 2009-07-22 02:06 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-03-03 20:02 . 2009-06-14 09:50 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-11-02 10:24 . 2009-07-07 15:10 24539592 c:\windows\System32\mrt.exe
+ 2009-07-23 02:01 . 2009-07-23 02:01 15706112 c:\windows\Installer\51af650.msp
+ 2009-05-01 17:15 . 2009-07-22 02:05 124668293 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Liam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2F9854F3-AC38-4486-AE5C-E87A73EA7415}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3678B8CA-D23D-4F12-8A9D-9F5B84014CDB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CCA5CED6-67CF-47B1-ADB1-FB73210513FC}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A93F5935-1EF5-4F1C-BACF-6EE8E5A5CD76}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{01A55B4E-7193-471A-8CD5-FA83CB343826}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{0009A439-7B0C-4D67-9471-7BF1DFB6B3C6}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{460D55FE-BF87-41B1-AEEE-68695FADDE16}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0E6030B2-45FB-46D4-91FE-CDB9555E59C6}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6F6A0710-0A41-4A05-A285-C8B60A7CA368}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{92E805AA-A9D9-40E1-940C-C8B446E5BEC7}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DF7F33BC-3F59-44AB-8EDF-80453A39BDBF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DBAE5092-94E6-47F1-9119-3A66B996EB85}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A1837AA8-D4F6-4122-9D76-56FAA7DF3591}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D89ECC13-9D1F-4BD6-ACB4-1F06CB85914F}"= UDP:c:\program files\WarRock\WRLauncher.exe:War Rock
"{0E424058-9EDB-4466-B534-5271F41B2B55}"= TCP:c:\program files\WarRock\WRLauncher.exe:War Rock
"{BC54951D-9808-495B-A6F5-7771BA75F84D}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo
"{D2A148E4-07EE-420C-96CC-C9678D0D90ED}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo
"TCP Query User{111C1AB7-E027-40A4-BF1C-66FAB6C1C9EE}c:\\program files\\warrock\\system\\warrock.exe"= UDP:c:\program files\warrock\system\warrock.exe:WarRock
"UDP Query User{669747FB-67ED-47E3-B233-7B23F7ED24EC}c:\\program files\\warrock\\system\\warrock.exe"= TCP:c:\program files\warrock\system\warrock.exe:WarRock
"{2C495F18-67A6-4C26-8D12-223DBD6AF326}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{225135D3-5018-4970-9B9F-17128305B0C3}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{DB7E5DCE-0816-4B04-8E6D-942A304972F9}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{E6167A23-54B3-4103-9E6B-6B95B09F73F1}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{BE92A758-4D3A-44F2-B538-2267EB7F424E}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{318C4DBD-1F0C-4002-B642-96E99D79A887}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{7CD14C86-47D5-45D6-B171-17F3CEEFD37D}"= UDP:c:\program files\WarRock\WRUpdater.exe:WRUpdater
"{DA700DF3-B65D-44C5-B281-3BF637692A96}"= TCP:c:\program files\WarRock\WRUpdater.exe:WRUpdater
"{C54F5CCB-CA4D-4F6E-9DD1-E8684D2ADC3F}"= UDP:5340:warrock1
"{A9EF007B-2403-40AF-B5C1-13AA261F92C0}"= UDP:5350:warrock2
"{538359DD-3E0A-4DF8-AA87-2751ED2EF9B0}"= TCP:5340:warrock1-
"{08541AD8-ED52-48C8-9176-1D35E26EA28B}"= TCP:5350:warrock2-
"TCP Query User{98AD21F9-523D-482E-BFD5-6ACA750F5E2E}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"UDP Query User{6A1AED19-77BE-44B7-A8B4-92ECBE534771}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"TCP Query User{3BCDA863-BDC0-411B-A567-3AC9E8934917}c:\\program files\\ijji\\gunz\\gunz.exe"= UDP:c:\program files\ijji\gunz\gunz.exe:Gunz
"UDP Query User{10E65A74-22BD-4795-87C2-F4B4BDEFEFCF}c:\\program files\\ijji\\gunz\\gunz.exe"= TCP:c:\program files\ijji\gunz\gunz.exe:Gunz
"TCP Query User{11238811-1357-4351-9841-32F47A46BF83}c:\\program files\\steam\\steamapps\\boom_headshot92\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\boom_headshot92\counter-strike source\hl2.exe:hl2
"UDP Query User{FA6553BC-615F-41FA-85F0-60D6CB3C6BB7}c:\\program files\\steam\\steamapps\\boom_headshot92\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\boom_headshot92\counter-strike source\hl2.exe:hl2
"TCP Query User{5690BF13-1631-4704-ACBA-990CF0B82211}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{2A0BEABB-0427-47F4-A1C5-2418E77F0DDA}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{FEAC0024-48C2-42D1-B5FB-FCBDAF8B2754}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A4F1DA50-3489-452F-8753-84D1C8714A55}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{88EADD12-4ED1-4E1E-96EB-CF6CD1D35DF5}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{3C2FA847-4030-478A-B57B-43FB596CFBEE}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{28F5AFBF-7CA7-46EA-9630-E0C6356FFB7F}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{EB303942-F161-44B7-AB4D-EBEC4A53423C}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{5F432A92-3206-4A13-966B-FE45D601B2CB}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{56427B38-0ECA-4FA5-9400-7073972B91B0}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"TCP Query User{965766B2-CC02-446D-8FEB-2C211DAF15F9}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{FE5A61D7-95E9-4C72-ABD8-48A145968E50}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{903FA4B5-8717-49EE-A947-B7E5038EF053}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{1E695FAB-33AA-4853-A5FE-0F5992C68482}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{3F435204-0C0A-4C86-897A-BED348706E24}"= UDP:c:\program files\Outspark\Blackshot\System\BlackShot.exe:BlackShot
"{D3CAC5B2-3FF1-4C2F-A580-C1A2526D072B}"= TCP:c:\program files\Outspark\Blackshot\System\BlackShot.exe:BlackShot
"{B8245A3D-3115-448C-9C70-CEBC006C47E2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9221FB9B-AC0A-46EA-B389-E17A8C3F6DDA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F364E0D4-1637-4E85-B707-23962E28FA16}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B99D147D-ACF1-4718-966F-40AC5E3C8CC8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{058BA2B7-1A84-476C-B0DE-52452ED89294}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{68B1F231-7BF7-4F31-B594-EC99AB1FB6A5}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{7570F2E7-7D97-4C28-BF08-514646117380}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{32DDAAD6-E56C-420B-9E63-15CFA991762A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{66BD5FED-547A-4B78-9138-BA26E03799A7}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{98E14509-25A2-44ED-B808-906783D23615}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"TCP Query User{EA3B91C1-741B-4186-A4C8-98E7E76CB3FE}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{8034258D-17BF-43BB-8EAE-6C96F5475F84}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"{722BA519-F706-439F-835D-AD6449E74D42}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{66B0D315-0C4D-4DA2-8920-1640ED788825}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B59346AC-ADA9-4975-867B-1687B09670C8}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{A3CBC77E-40D1-46FF-8816-C50BF545A8F2}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{B9D2DA88-9278-4E30-A8C3-88C533597028}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{317CCB46-2E7C-4E6D-BF4A-C79B5B315786}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{7F53FD7B-1336-4AB1-8093-B2FF9D8502FE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D3312698-DAF5-49A0-8A53-67F8FCADEAD7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{07FF5332-54CB-4830-9F3C-761E63C79501}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{4F368DEC-85B7-4430-8347-C99FF5317029}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{5DBA1D18-0C5D-4AC9-AC76-E8B88F2E4997}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{482208A3-AFEE-4858-AF50-D6E9D743DA18}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [24/03/2009 22:03 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [24/03/2009 22:03 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [24/03/2009 22:02 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys [17/07/2009 19:22 293424]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [24/03/2009 22:02 115560]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [24/07/2009 23:23 1153368]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/04/2009 15:42 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [24/03/2009 22:03 39984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 18:41 42112]
S3 PAC7302;PLEOMAX PWC-2100 Pleo Chat Cam;c:\windows\System32\drivers\PAC7302.SYS [10/09/2007 09:50 457984]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = localhost
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
FF - ProfilePath - c:\users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\p9wrxmke.default\
FF - prefs.js: browser.startup.homepage - www.soccermanager.com
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 19:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-07-26 19:22
ComboFix-quarantined-files.txt 2009-07-26 18:22
ComboFix2.txt 2009-07-20 12:00

Pre-Run: 750,268,416 bytes free
Post-Run: 4,061,335,552 bytes free

606 --- E O F --- 2009-07-23 02:01




My computer is running much better and I no longer get redirected from google :)
 
One last thing to do ....


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    ADS::
  • Save this as CFScript.txt and place it on your desktop.


    CFScriptb.gif


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
 
Last edited:
ComboFix 09-07-19.04 - Liam 26/07/2009 21:51.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1982.1054 [GMT 1:00]
Running from: c:\users\Liam\Desktop\ComboFix.exe
Command switches used :: c:\users\Liam\Desktop\Cfscript.txt
SP: AdwareAlert *disabled* (Updated) {0C87582F-EF6F-462B-8409-4995FF854620}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\212a6ceb.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 18:44 . 2009-02-12 09:35 38208 ----a-w- c:\users\Liam\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-26 18:43 . 2009-07-26 18:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-26 18:43 . 2009-07-26 18:43 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-07-26 18:43 . 2009-07-26 20:47 -------- d-----w- c:\programdata\NOS
2009-07-26 18:43 . 2009-07-26 20:47 -------- d-----w- c:\program files\NOS
2009-07-26 18:11 . 2009-04-04 09:04 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090726.005\NAVEX32A.DLL
2009-07-26 18:11 . 2009-07-13 08:00 87888 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090726.005\NAVENG.SYS
2009-07-26 18:11 . 2009-07-13 08:00 875728 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090726.005\NAVEX15.SYS
2009-07-26 18:11 . 2009-04-04 09:04 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090726.005\NAVENG32.DLL
2009-07-26 18:11 . 2009-04-04 09:04 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090726.005\EECTRL.SYS
2009-07-26 18:11 . 2009-04-04 09:04 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090726.005\ECMSVR32.DLL
2009-07-26 18:11 . 2009-04-04 09:04 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090726.005\CCERASER.DLL
2009-07-26 18:11 . 2009-04-04 09:04 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090726.005\ERASER.SYS
2009-07-24 22:22 . 2009-07-26 17:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-24 22:22 . 2009-07-24 22:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-21 14:05 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-21 14:05 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-21 14:05 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-21 14:05 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-19 21:58 . 2009-07-19 21:58 -------- d-----w- c:\users\Liam\AppData\Roaming\Malwarebytes
2009-07-19 21:58 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 21:58 . 2009-07-19 21:58 -------- d-----w- c:\programdata\Malwarebytes
2009-07-19 21:58 . 2009-07-19 21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-19 21:58 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 15:01 . 2009-07-19 15:02 -------- d-----w- C:\rsit
2009-07-17 18:22 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSXpx86.sys
2009-07-17 18:22 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys
2009-07-17 18:22 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\Scxpx86.dll
2009-07-17 18:22 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSxpx86.dll
2009-07-17 18:22 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSviA64.sys
2009-07-16 19:57 . 2009-07-16 19:57 -------- d-----w- c:\program files\iPod
2009-07-16 19:57 . 2009-07-16 19:57 -------- d-----w- c:\program files\iTunes
2009-07-16 19:52 . 2009-07-16 19:52 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-16 13:49 . 2009-07-16 13:49 -------- d-----w- c:\program files\Trend Micro
2009-07-15 21:59 . 2009-07-15 21:59 -------- d-----w- c:\program files\PFPortChecker
2009-07-15 10:38 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSXpx86.sys
2009-07-15 10:38 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSvix86.sys
2009-07-15 10:38 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\Scxpx86.dll
2009-07-15 10:38 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSxpx86.dll
2009-07-15 10:38 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090712.001\IDSviA64.sys
2009-07-14 22:49 . 2009-07-14 22:49 -------- d-----w- c:\program files\ERUNT
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-02 22:32 . 2009-07-02 22:34 -------- d-----w- c:\users\Liam\AppData\Roaming\fretsonfire
2009-07-02 22:32 . 2009-07-02 22:32 -------- d-----w- c:\program files\Frets on Fire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 21:00 . 2008-01-28 18:39 -------- d-----w- c:\programdata\Kontiki
2009-07-26 20:09 . 2008-12-08 17:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-26 19:50 . 2008-12-08 21:55 -------- d-----w- c:\program files\Java
2009-07-26 19:03 . 2007-11-01 13:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-26 17:47 . 2009-06-04 20:51 142112 ----a-w- c:\programdata\nvModes.dat
2009-07-26 17:47 . 2008-10-18 20:20 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-07-24 17:22 . 2008-03-09 20:19 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-22 02:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-22 02:07 . 2007-11-01 13:08 -------- d-----w- c:\programdata\Microsoft Help
2009-07-20 11:14 . 2008-11-03 14:40 -------- d-----w- c:\program files\Applications
2009-07-18 12:35 . 2009-02-09 19:55 1 ----a-w- c:\users\Liam\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-18 12:13 . 2007-12-25 18:15 -------- d-----w- c:\program files\Steam
2009-07-18 12:01 . 2007-12-25 18:15 -------- d-----w- c:\program files\Common Files\Steam
2009-07-16 19:57 . 2008-05-06 18:26 -------- d-----w- c:\program files\Common Files\Apple
2009-07-15 19:04 . 2009-04-16 14:28 -------- d-----w- c:\users\Liam\AppData\Roaming\Spotify
2009-06-24 13:04 . 2008-12-08 18:41 -------- d-----w- c:\program files\dvdSanta
2009-06-21 16:57 . 2009-06-21 16:49 -------- d-----w- c:\users\Liam\AppData\Roaming\ImgBurn
2009-06-21 14:07 . 2009-06-21 14:06 -------- d-----w- c:\program files\ImgBurn
2009-06-18 10:26 . 2007-12-25 07:53 131528 ----a-w- c:\users\Liam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-11 21:52 . 2009-06-11 21:52 1915520 ----a-w- c:\users\Liam\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-06-10 02:15 . 2007-11-01 13:06 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 17:47 . 2009-06-09 17:47 -------- d-----w- c:\program files\Broadcom
2009-06-09 17:28 . 2008-03-11 16:40 10134 ----a-r- c:\users\Liam\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-06-05 08:02 . 2008-03-10 16:46 -------- d-----w- c:\programdata\NVIDIA
2009-06-04 18:21 . 2007-12-25 10:50 142112 ----a-w- c:\users\Liam\AppData\Roaming\nvModes.dat
2009-06-04 16:38 . 2008-01-14 21:04 -------- d-----w- c:\program files\Avanquest update
2009-06-02 20:58 . 2009-06-02 20:57 -------- d-----w- c:\program files\QuickTime
2009-05-29 15:40 . 2009-05-29 15:40 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-29 15:38 . 2008-04-14 16:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-29 15:38 . 2009-05-29 15:38 -------- d-----w- c:\program files\OpenAL
2009-05-29 15:38 . 2009-05-29 15:38 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-29 15:38 . 2009-05-29 15:38 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-29 12:36 . 2009-05-29 12:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 12:36 . 2009-05-29 12:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-04-30 12:37 . 2009-06-13 19:49 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-13 19:49 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 19:47 . 2009-05-24 11:46 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-07-26_18.10.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-25 07:39 . 2009-07-26 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-25 07:39 . 2009-07-26 20:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-25 07:39 . 2009-07-26 17:47 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-25 07:39 . 2009-07-26 20:30 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-25 07:39 . 2009-07-26 20:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-25 07:39 . 2009-07-26 17:47 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-26 18:44 . 2009-07-26 18:44 20480 c:\windows\Installer\34e377.msi
+ 2009-07-26 18:43 . 2009-07-26 18:43 26624 c:\windows\Installer\34e371.msi
+ 2009-07-26 20:09 . 2009-07-26 20:09 148888 c:\windows\System32\javaws.exe
- 2009-02-09 19:12 . 2008-12-08 21:55 148888 c:\windows\System32\javaws.exe
- 2009-02-09 19:12 . 2008-12-08 21:55 144792 c:\windows\System32\javaw.exe
+ 2009-07-26 20:09 . 2009-07-26 20:09 144792 c:\windows\System32\javaw.exe
- 2009-02-09 19:12 . 2008-12-08 21:55 144792 c:\windows\System32\java.exe
+ 2009-07-26 20:09 . 2009-07-26 20:09 144792 c:\windows\System32\java.exe
+ 2006-11-02 10:22 . 2009-07-26 19:03 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-07-22 02:26 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-26 20:09 . 2009-07-26 20:09 1563648 c:\windows\Installer\81de5a.msi
+ 2009-07-26 19:04 . 2009-07-26 19:04 3938816 c:\windows\Installer\42098d.msi
+ 2009-07-26 20:48 . 2009-07-26 20:48 6328320 c:\windows\ERDNT\Hiv-backup\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-26 148888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Liam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2F9854F3-AC38-4486-AE5C-E87A73EA7415}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3678B8CA-D23D-4F12-8A9D-9F5B84014CDB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CCA5CED6-67CF-47B1-ADB1-FB73210513FC}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{A93F5935-1EF5-4F1C-BACF-6EE8E5A5CD76}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{01A55B4E-7193-471A-8CD5-FA83CB343826}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{0009A439-7B0C-4D67-9471-7BF1DFB6B3C6}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{460D55FE-BF87-41B1-AEEE-68695FADDE16}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0E6030B2-45FB-46D4-91FE-CDB9555E59C6}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6F6A0710-0A41-4A05-A285-C8B60A7CA368}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{92E805AA-A9D9-40E1-940C-C8B446E5BEC7}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DF7F33BC-3F59-44AB-8EDF-80453A39BDBF}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DBAE5092-94E6-47F1-9119-3A66B996EB85}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A1837AA8-D4F6-4122-9D76-56FAA7DF3591}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D89ECC13-9D1F-4BD6-ACB4-1F06CB85914F}"= UDP:c:\program files\WarRock\WRLauncher.exe:War Rock
"{0E424058-9EDB-4466-B534-5271F41B2B55}"= TCP:c:\program files\WarRock\WRLauncher.exe:War Rock
"{BC54951D-9808-495B-A6F5-7771BA75F84D}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo
"{D2A148E4-07EE-420C-96CC-C9678D0D90ED}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo
"TCP Query User{111C1AB7-E027-40A4-BF1C-66FAB6C1C9EE}c:\\program files\\warrock\\system\\warrock.exe"= UDP:c:\program files\warrock\system\warrock.exe:WarRock
"UDP Query User{669747FB-67ED-47E3-B233-7B23F7ED24EC}c:\\program files\\warrock\\system\\warrock.exe"= TCP:c:\program files\warrock\system\warrock.exe:WarRock
"{2C495F18-67A6-4C26-8D12-223DBD6AF326}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{225135D3-5018-4970-9B9F-17128305B0C3}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{DB7E5DCE-0816-4B04-8E6D-942A304972F9}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{E6167A23-54B3-4103-9E6B-6B95B09F73F1}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:VideoAcceleratorService
"{BE92A758-4D3A-44F2-B538-2267EB7F424E}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{318C4DBD-1F0C-4002-B642-96E99D79A887}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{7CD14C86-47D5-45D6-B171-17F3CEEFD37D}"= UDP:c:\program files\WarRock\WRUpdater.exe:WRUpdater
"{DA700DF3-B65D-44C5-B281-3BF637692A96}"= TCP:c:\program files\WarRock\WRUpdater.exe:WRUpdater
"{C54F5CCB-CA4D-4F6E-9DD1-E8684D2ADC3F}"= UDP:5340:warrock1
"{A9EF007B-2403-40AF-B5C1-13AA261F92C0}"= UDP:5350:warrock2
"{538359DD-3E0A-4DF8-AA87-2751ED2EF9B0}"= TCP:5340:warrock1-
"{08541AD8-ED52-48C8-9176-1D35E26EA28B}"= TCP:5350:warrock2-
"TCP Query User{98AD21F9-523D-482E-BFD5-6ACA750F5E2E}c:\\ijji\\english\\u_gunz.exe"= UDP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"UDP Query User{6A1AED19-77BE-44B7-A8B4-92ECBE534771}c:\\ijji\\english\\u_gunz.exe"= TCP:c:\ijji\english\u_gunz.exe:<ijji Downloader>
"TCP Query User{3BCDA863-BDC0-411B-A567-3AC9E8934917}c:\\program files\\ijji\\gunz\\gunz.exe"= UDP:c:\program files\ijji\gunz\gunz.exe:Gunz
"UDP Query User{10E65A74-22BD-4795-87C2-F4B4BDEFEFCF}c:\\program files\\ijji\\gunz\\gunz.exe"= TCP:c:\program files\ijji\gunz\gunz.exe:Gunz
"TCP Query User{11238811-1357-4351-9841-32F47A46BF83}c:\\program files\\steam\\steamapps\\boom_headshot92\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\boom_headshot92\counter-strike source\hl2.exe:hl2
"UDP Query User{FA6553BC-615F-41FA-85F0-60D6CB3C6BB7}c:\\program files\\steam\\steamapps\\boom_headshot92\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\boom_headshot92\counter-strike source\hl2.exe:hl2
"TCP Query User{5690BF13-1631-4704-ACBA-990CF0B82211}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{2A0BEABB-0427-47F4-A1C5-2418E77F0DDA}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{FEAC0024-48C2-42D1-B5FB-FCBDAF8B2754}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A4F1DA50-3489-452F-8753-84D1C8714A55}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{88EADD12-4ED1-4E1E-96EB-CF6CD1D35DF5}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{3C2FA847-4030-478A-B57B-43FB596CFBEE}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{28F5AFBF-7CA7-46EA-9630-E0C6356FFB7F}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{EB303942-F161-44B7-AB4D-EBEC4A53423C}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{5F432A92-3206-4A13-966B-FE45D601B2CB}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{56427B38-0ECA-4FA5-9400-7073972B91B0}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"TCP Query User{965766B2-CC02-446D-8FEB-2C211DAF15F9}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{FE5A61D7-95E9-4C72-ABD8-48A145968E50}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"{903FA4B5-8717-49EE-A947-B7E5038EF053}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{1E695FAB-33AA-4853-A5FE-0F5992C68482}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{3F435204-0C0A-4C86-897A-BED348706E24}"= UDP:c:\program files\Outspark\Blackshot\System\BlackShot.exe:BlackShot
"{D3CAC5B2-3FF1-4C2F-A580-C1A2526D072B}"= TCP:c:\program files\Outspark\Blackshot\System\BlackShot.exe:BlackShot
"{B8245A3D-3115-448C-9C70-CEBC006C47E2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9221FB9B-AC0A-46EA-B389-E17A8C3F6DDA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F364E0D4-1637-4E85-B707-23962E28FA16}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B99D147D-ACF1-4718-966F-40AC5E3C8CC8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{058BA2B7-1A84-476C-B0DE-52452ED89294}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{68B1F231-7BF7-4F31-B594-EC99AB1FB6A5}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{7570F2E7-7D97-4C28-BF08-514646117380}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{32DDAAD6-E56C-420B-9E63-15CFA991762A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{66BD5FED-547A-4B78-9138-BA26E03799A7}"= UDP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"{98E14509-25A2-44ED-B808-906783D23615}"= TCP:c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe:VideoAccelerator
"TCP Query User{EA3B91C1-741B-4186-A4C8-98E7E76CB3FE}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{8034258D-17BF-43BB-8EAE-6C96F5475F84}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"{722BA519-F706-439F-835D-AD6449E74D42}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{66B0D315-0C4D-4DA2-8920-1640ED788825}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B59346AC-ADA9-4975-867B-1687B09670C8}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{A3CBC77E-40D1-46FF-8816-C50BF545A8F2}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{B9D2DA88-9278-4E30-A8C3-88C533597028}"= UDP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{317CCB46-2E7C-4E6D-BF4A-C79B5B315786}"= TCP:c:\program files\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{7F53FD7B-1336-4AB1-8093-B2FF9D8502FE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D3312698-DAF5-49A0-8A53-67F8FCADEAD7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{07FF5332-54CB-4830-9F3C-761E63C79501}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{4F368DEC-85B7-4430-8347-C99FF5317029}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{5DBA1D18-0C5D-4AC9-AC76-E8B88F2E4997}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{482208A3-AFEE-4858-AF50-D6E9D743DA18}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1005000.087\SymEFA.sys [24/03/2009 22:03 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1005000.087\BHDrvx86.sys [24/03/2009 22:03 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1005000.087\cchpx86.sys [24/03/2009 22:02 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090715.003\IDSvix86.sys [17/07/2009 19:22 293424]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [24/03/2009 22:02 115560]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [24/07/2009 23:23 1153368]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/04/2009 15:42 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1005000.087\symndisv.sys [24/03/2009 22:03 39984]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [10/10/2007 18:41 42112]
S3 PAC7302;PLEOMAX PWC-2100 Pleo Chat Cam;c:\windows\System32\drivers\PAC7302.SYS [10/09/2007 09:50 457984]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = localhost
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\users\Liam\AppData\Roaming\Mozilla\Firefox\Profiles\p9wrxmke.default\
FF - prefs.js: browser.startup.homepage - www.soccermanager.com
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-26 22:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-07-26 22:07
ComboFix-quarantined-files.txt 2009-07-26 21:07
ComboFix2.txt 2009-07-26 18:22
ComboFix3.txt 2009-07-20 12:00

Pre-Run: 2,557,632,512 bytes free
Post-Run: 2,352,066,560 bytes free

308 --- E O F --- 2009-07-23 02:01
 
Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First lets tidy up



Uninstall Combofix
  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START, type RUN into the search box, then click Enter
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
    • CF_Cleanup.png


OTCleanup
Please download OTCleanup from HERE
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
 
You must log in or register to reply here.
Back
Top