Msa.exe, b.exe, poprock, very persistent cannot get rid of

[XvSiriusvX]

Volume in drive C is HP
Volume Serial Number is AA69-EBF7

Directory of C:\Windows\System32\drivers

11/02/2006 02:49 AM 14,952 intelide.sys

Directory of C:\Windows\System32\drivers

02/23/2008 04:01 AM 15,928 pciide.sys
2 File(s) 30,880 bytes

Directory of C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21

02/23/2008 04:01 AM 17,464 intelide.sys

Directory of C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21

02/23/2008 04:01 AM 15,928 pciide.sys
2 File(s) 33,392 bytes

Directory of C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699

11/02/2006 02:49 AM 14,952 intelide.sys

Directory of C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699

11/02/2006 02:49 AM 13,416 pciide.sys
2 File(s) 28,368 bytes
Volume in drive C is HP
Volume Serial Number is AA69-EBF7

Directory of C:\Windows\System32\drivers

11/02/2006 02:49 AM 14,952 intelide.sys

Directory of C:\Windows\System32\drivers

02/23/2008 04:01 AM 15,928 pciide.sys
2 File(s) 30,880 bytes

Directory of C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21

02/23/2008 04:01 AM 17,464 intelide.sys

Directory of C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21

02/23/2008 04:01 AM 15,928 pciide.sys
2 File(s) 33,392 bytes

Directory of C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699

11/02/2006 02:49 AM 14,952 intelide.sys

Directory of C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699

11/02/2006 02:49 AM 13,416 pciide.sys
2 File(s) 28,368 bytes

Directory of C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c

02/23/2008 04:01 AM 17,464 intelide.sys

Directory of C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c

02/23/2008 04:01 AM 15,928 pciide.sys
2 File(s) 33,392 bytes

Directory of C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b

02/23/2008 04:01 AM 17,976 intelide.sys

Directory of C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b

02/23/2008 04:01 AM 15,928 pciide.sys
2 File(s) 33,904 bytes

Total Files Listed:
10 File(s) 159,936 bytes
0 Dir(s) 27,368,140,800 bytes free

 

[Blade81]

Hi,


Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file check.bat, change the Save as type to all files and save it to your desktop.
Pev -filelook %windir%\intelide.sys or %windir%\PCIIDEX.SYS or %windir%\pciide.sys >filelook.txt
start filelook.txt
del %0

Double-click on check.bat file to execute it. Post back the results.

 

[XvSiriusvX]

---- C:\Windows\System32\drivers\intelide.sys ----
Company: Microsoft Corporation
File Description: Intel PCI IDE Driver
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: intelide.sys
File Size: 14952
Created Time: 2006-11-02 08:51:36
Modified Time: 2006-11-02 09:49:24
Accessed Time: 2009-09-27 08:46:15
MD5: 97469037714070E45194ED318D636401
SHA1: 7178A332DD395A91B9FA2E2A9CE4CD9BB4433D1C
SHA224: 00DB0C37693D3D2954B67087A55D39F41DA9FC26375CB349A9E2F0C0
SHA256: DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271
SHA384: A6C79755F181C2035766E0C40A5BA6D1EC1CF6B0BDF78B96796240B325CB5540F3AAE8A018E193824FE594124D5915D7
SHA512: A3A3986B380FC9673C791D9B6FB1A7D3447D86871C56B7682FD2D4700D6EE9A18CB9F5755C198A96B96AE598FA6990122CBAFA3D696C1323403310A59AF8A094
---- C:\Windows\System32\drivers\pciide.sys ----
Company: Microsoft Corporation
File Description: Generic PCI IDE Bus Driver
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciide.sys
File Size: 15928
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-27 08:46:18
MD5: CABA65E9C41CD2900D4C92D4F825C5F8
SHA1: B50B55B6430CFF925AF99DB162625D859BEB9FC8
SHA224: 27BD6EA36AE39FF2C1916EC86BE810B04ED19DA63BD498B0462DBB70
SHA256: 5D952DBCD3CF63621D1FE38E2E0392F5059A4757F8CD0BF2AD4FBB23E677631B
SHA384: 409ED32BD6E39749F344E1C8F70315273207B801283B6AD478D1FB99B62DD2C5874A29F136B4E2CAF023C80A7D1D7B88
SHA512: 709E79327A9AAB96FEC3E1804E26B0A275E931F7C318468FB4274846A6A5B431D0F3427F0D2604988ECCA425EB2B5B0D333C46EF5948B703FD1BD58AD7ED692A
---- C:\Windows\System32\drivers\pciidex.sys ----
Company: Microsoft Corporation
File Description: PCI IDE Bus Driver Extension
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciidex.sys
File Size: 45112
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-27 08:47:56
MD5: 406D01679063768E1A033B6AFE2551B3
SHA1: 711A79CE41D05E6B36CD4CB42A7DFD72F494E13D
SHA224: 6E1E08C781BAC04DF321DEEAB47768FF8C237AF2359792B2FC5CF850
SHA256: C642CDA4B50433D8EC7D195E06693665E16F087079203CCE363CC9FF1045CF03
SHA384: F4AEF926E6C382002E5661AC75F57C8641E6925187845CA098316AF72E66D41CA7D7AD338E2BC6A3E34ADDAB51373048
SHA512: 498A38A43C65DAAF943715E9B589E354E4364C9F01872DEC04CF517D4836C77457916094651B0822EEB7BFC3747C137811E4B7A2DDEB6B36F2504DBBDB2C9C78
---- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\intelide.sys ----
Company: Microsoft Corporation
File Description: Intel PCI IDE Driver
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: intelide.sys
File Size: 17464
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:44:31
MD5: 988981C840084F480BA9E3319CEBDE1B
SHA1: 3FD6DE0050051ADE658B604AE3E9054243ACE644
SHA224: 4537C9738A175C0BB44376E34503F0BE77F76A345956EE8ADBD5E721
SHA256: 7D029E0E3BAACF1BCAFDF31AA31F365132C20EE5FAC0102EC967440FD0D0318F
SHA384: A62B1A1D64C79242FA5E7CEB368B3A86953B661CA39D8A1C76F47AC093B9EF7B261B54D7DB57C7E0BFDD1AE05A630FBF
SHA512: 6306F48A32AAC6F0BDDE89E325E0C9E730A854E1D63386BCFC7CE9C86E46EB8F941AECE1016804AACB1A96237DF831FB32BF379EE78E0588CA4EAADF9DADB43C
---- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\pciide.sys ----
Company: Microsoft Corporation
File Description: Generic PCI IDE Bus Driver
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciide.sys
File Size: 15928
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:44:31
MD5: CABA65E9C41CD2900D4C92D4F825C5F8
SHA1: B50B55B6430CFF925AF99DB162625D859BEB9FC8
SHA224: 27BD6EA36AE39FF2C1916EC86BE810B04ED19DA63BD498B0462DBB70
SHA256: 5D952DBCD3CF63621D1FE38E2E0392F5059A4757F8CD0BF2AD4FBB23E677631B
SHA384: 409ED32BD6E39749F344E1C8F70315273207B801283B6AD478D1FB99B62DD2C5874A29F136B4E2CAF023C80A7D1D7B88
SHA512: 709E79327A9AAB96FEC3E1804E26B0A275E931F7C318468FB4274846A6A5B431D0F3427F0D2604988ECCA425EB2B5B0D333C46EF5948B703FD1BD58AD7ED692A
---- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\pciidex.sys ----
Company: Microsoft Corporation
File Description: PCI IDE Bus Driver Extension
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciidex.sys
File Size: 45112
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:44:31
MD5: 406D01679063768E1A033B6AFE2551B3
SHA1: 711A79CE41D05E6B36CD4CB42A7DFD72F494E13D
SHA224: 6E1E08C781BAC04DF321DEEAB47768FF8C237AF2359792B2FC5CF850
SHA256: C642CDA4B50433D8EC7D195E06693665E16F087079203CCE363CC9FF1045CF03
SHA384: F4AEF926E6C382002E5661AC75F57C8641E6925187845CA098316AF72E66D41CA7D7AD338E2BC6A3E34ADDAB51373048
SHA512: 498A38A43C65DAAF943715E9B589E354E4364C9F01872DEC04CF517D4836C77457916094651B0822EEB7BFC3747C137811E4B7A2DDEB6B36F2504DBBDB2C9C78
---- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\intelide.sys ----
Company: Microsoft Corporation
File Description: Intel PCI IDE Driver
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: intelide.sys
File Size: 14952
Created Time: 2006-11-02 10:25:06
Modified Time: 2006-11-02 09:49:24
Accessed Time: 2009-09-18 23:44:31
MD5: 97469037714070E45194ED318D636401
SHA1: 7178A332DD395A91B9FA2E2A9CE4CD9BB4433D1C
SHA224: 00DB0C37693D3D2954B67087A55D39F41DA9FC26375CB349A9E2F0C0
SHA256: DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271
SHA384: A6C79755F181C2035766E0C40A5BA6D1EC1CF6B0BDF78B96796240B325CB5540F3AAE8A018E193824FE594124D5915D7
SHA512: A3A3986B380FC9673C791D9B6FB1A7D3447D86871C56B7682FD2D4700D6EE9A18CB9F5755C198A96B96AE598FA6990122CBAFA3D696C1323403310A59AF8A094
---- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\pciide.sys ----
Company: Microsoft Corporation
File Description: Generic PCI IDE Bus Driver
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciide.sys
File Size: 13416
Created Time: 2006-11-02 10:25:06
Modified Time: 2006-11-02 09:49:20
Accessed Time: 2009-09-18 23:44:31
MD5: 3B1901E401473E03EB8C874271E50C26
SHA1: DB96ACB2FA42CA13CBA7C132223C05D1D570E5B5
SHA224: F2AE799E2115DF9FCA78DFAC2EB4780E3872D9DB6CB9234229660C0B
SHA256: 3C7931F419E29FDD0155D8D05D97289430A2852FCB3DBAD1B338FE2241458E72
SHA384: 23F19843BCF0B092A5E2F48A7787AE823AF72B8C4CE0856FC07538452321F28E4DA6512FEA1E51AE2C48BC99AE6C526D
SHA512: C652CBDA7CDBDDC4B61458EB712BB080F8E5B9DD5F5C07DC03FB2D1EABB779B53CD085E2641137B11BD5610332F9DECB23F1EF6E35F184E3E0BC308BEF2A709A
---- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\pciidex.sys ----
Company: Microsoft Corporation
File Description: PCI IDE Bus Driver Extension
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciidex.sys
File Size: 42600
Created Time: 2006-11-02 10:25:06
Modified Time: 2006-11-02 09:50:18
Accessed Time: 2009-09-18 23:44:31
MD5: 12149268080DDFE98FD1FB4A83C857D7
SHA1: 00076854094B4757ABE03693B4B636EEB00069E2
SHA224: 6563D43692DBB50E23DEB44F78285017C6FE47644AEDA5058D9DB887
SHA256: B63C1C6481BADCB9638C450BB7BBFDB47B1E31A9680A196FA92CB7F580B79CDA
SHA384: 5620C8FFFE29313003F031BB7FE17E1C23765E4D9A33EA4E140B80E219012B4B57EB38CDBEC9C708CE9878D319898CC3
SHA512: C7AA2EE95640697042E132D9B305FC690232B8BE25248B0B254607C37A4813DD1E6ABCB69D5945B72886565F45CBE51CFAB5ED469C630E3120862D9289BC1CE7
---- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\intelide.sys ----
Company: Microsoft Corporation
File Description: Intel PCI IDE Driver
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: intelide.sys
File Size: 17464
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:55:09
MD5: 988981C840084F480BA9E3319CEBDE1B
SHA1: 3FD6DE0050051ADE658B604AE3E9054243ACE644
SHA224: 4537C9738A175C0BB44376E34503F0BE77F76A345956EE8ADBD5E721
SHA256: 7D029E0E3BAACF1BCAFDF31AA31F365132C20EE5FAC0102EC967440FD0D0318F
SHA384: A62B1A1D64C79242FA5E7CEB368B3A86953B661CA39D8A1C76F47AC093B9EF7B261B54D7DB57C7E0BFDD1AE05A630FBF
SHA512: 6306F48A32AAC6F0BDDE89E325E0C9E730A854E1D63386BCFC7CE9C86E46EB8F941AECE1016804AACB1A96237DF831FB32BF379EE78E0588CA4EAADF9DADB43C
---- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\pciide.sys ----
Company: Microsoft Corporation
File Description: Generic PCI IDE Bus Driver
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciide.sys
File Size: 15928
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:55:09
MD5: CABA65E9C41CD2900D4C92D4F825C5F8
SHA1: B50B55B6430CFF925AF99DB162625D859BEB9FC8
SHA224: 27BD6EA36AE39FF2C1916EC86BE810B04ED19DA63BD498B0462DBB70
SHA256: 5D952DBCD3CF63621D1FE38E2E0392F5059A4757F8CD0BF2AD4FBB23E677631B
SHA384: 409ED32BD6E39749F344E1C8F70315273207B801283B6AD478D1FB99B62DD2C5874A29F136B4E2CAF023C80A7D1D7B88
SHA512: 709E79327A9AAB96FEC3E1804E26B0A275E931F7C318468FB4274846A6A5B431D0F3427F0D2604988ECCA425EB2B5B0D333C46EF5948B703FD1BD58AD7ED692A
---- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\pciidex.sys ----
Company: Microsoft Corporation
File Description: PCI IDE Bus Driver Extension
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciidex.sys
File Size: 45112
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:55:09
MD5: 406D01679063768E1A033B6AFE2551B3
SHA1: 711A79CE41D05E6B36CD4CB42A7DFD72F494E13D
SHA224: 6E1E08C781BAC04DF321DEEAB47768FF8C237AF2359792B2FC5CF850
SHA256: C642CDA4B50433D8EC7D195E06693665E16F087079203CCE363CC9FF1045CF03
SHA384: F4AEF926E6C382002E5661AC75F57C8641E6925187845CA098316AF72E66D41CA7D7AD338E2BC6A3E34ADDAB51373048
SHA512: 498A38A43C65DAAF943715E9B589E354E4364C9F01872DEC04CF517D4836C77457916094651B0822EEB7BFC3747C137811E4B7A2DDEB6B36F2504DBBDB2C9C78
---- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\intelide.sys ----
Company: Microsoft Corporation
File Description: Intel PCI IDE Driver
File Version: 6.0.6000.20757 (vista_ldr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: intelide.sys
File Size: 17976
Created Time: 2008-02-23 11:01:48
Modified Time: 2008-02-23 11:01:48
Accessed Time: 2009-09-18 23:55:10
MD5: 59B00EFB24EAD979BECF413703BB1FAC
SHA1: 7C469710417C39C91B1842DB2B5A0A118B7A34F3
SHA224: 673CD8B34DB1DF0E3967996500DE3DB97D6F7C1201D52CB177892FCD
SHA256: CC094DF02F2D894DCE31AB21CA3A90AB93AF9782535FBDE8B383CAD48BAB13DF
SHA384: 1FF221FCAEC141D4C7441E904458FA04F28D6CEAC03742F0E5AE15D205A55B433310616ADC89D2C35076F0450B81897B
SHA512: F0B319FE70DF0646FC339ED53C9151BDF984E23D9968B20E0C7696F3771895CA9A156034B8B11164EA7C2A649843AAD89C793A6641109E4AF285323375AAE38D
---- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\pciide.sys ----
Company: Microsoft Corporation
File Description: Generic PCI IDE Bus Driver
File Version: 6.0.6000.20757 (vista_ldr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciide.sys
File Size: 15928
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:55:10
MD5: B2FC76090EF1003463CCB07CABB35CFF
SHA1: 84130F256B7FF67BB3DC3AFA42FFF81B5996A8EB
SHA224: 1AEC6BF5394D07783A78FF71C1D1C2DD6DCCBAB989218FCBF1AE50C9
SHA256: 67C831A661DADC993832D0DA6BFA394B4AE891F6DF5F8EEB21AF07D4C17CDFAB
SHA384: 95709FBED2E55B78D1BF45B28913455B1AA41E6BC2F1D54FA99E4D4C635A8AE5294ED091B279341BE52540FD5690A0D3
SHA512: 5761E0FDFF21EE698F29EB60B050DF8EB403AECB5575A2DE03EABBA11CD2BD7C3F4E6FBFD43DBFCE6214C825E97A10B1BBCE5A9A572ADEFA1E7685E49CC570EC
---- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\pciidex.sys ----
Company: Microsoft Corporation
File Description: PCI IDE Bus Driver Extension
File Version: 6.0.6000.20757 (vista_ldr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: pciidex.sys
File Size: 45112
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:55:10
MD5: 24F15B0C541AE19B3B523D40C092084B
SHA1: AA4DAB20985E2907D0514919658321CDC4E6299B
SHA224: 033270AC032F699DCF085B23CD1C6DC53E93484FE9E3D0C319EECEF3
SHA256: FD5928FBFE2B80A5415C82C56327DC0531C7E876F03A923CF9CDB30AE6EDD68F
SHA384: BF0483F5CC17B724992F28120E163C7DCDC3B0881A21CEB91339874ACB5479719E7DE5021ED59E5F785C7EBAD481C776
SHA512: 4DBE7B3204639F3811E10CE8E32C591D92DEE39CA729EB03E3F6221FB3308A248BC81799372BE3111854F4E1AE8FE60D9D682C294140CBCB040F04A0E1326457

 

[Blade81]

Hi,

Do you have your Vista media available? If not, you have to download and burn Hiren's BootCD here. There's a readme.txt file included if you need help with burning the media.

 

[XvSiriusvX]

Alright, I downloaded and burned it. Now what should I do?

 

[Blade81]

Sorry that you had to wait.

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file check.bat, change the Save as type to all files and save it to your desktop.
Pev -filelook %windir%\atapi.sys >filelook.txt
start filelook.txt
del %0

Double-click on check.bat file to execute it. Post back the results.

 

[XvSiriusvX]

---- C:\Windows\System32\drivers\atapi.sys ----
Company: Microsoft Corporation
File Description: ATAPI IDE Miniport Driver
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: atapi.sys
File Size: 21560
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-30 00:08:46
MD5: B35CFCEF838382AB6490B321C87EDF17
SHA1: 7825AE543BA87A5AE0FDABB14BCCE8C1E046745A
SHA224: E3305AE559A5B8E61050ED6A2B52A0F81033857D7C49069643869282
SHA256: A13985B87B5918D123072C7128E12DC28B0FCFD68383AFA6E1DA72A25BD781E0
SHA384: BBAB93A0213977F816D310412CCE6EFBCB438031AF74AE6FD8F4845FBFD623C59BF200E4328A68EF00B4488AD5BBA21B
SHA512: B9C115FD7F2C83B5DD8EDDFDA014F21CE211351AF69D5DB4D2C1166CF7DEC106C38F6A5EAF4344BB2F332C782CA8B00F05AFC352F835568239F0923577B9E291
---- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys ----
Company: Microsoft Corporation
File Description: ATAPI IDE Miniport Driver
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: atapi.sys
File Size: 21560
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:44:31
MD5: B35CFCEF838382AB6490B321C87EDF17
SHA1: 7825AE543BA87A5AE0FDABB14BCCE8C1E046745A
SHA224: E3305AE559A5B8E61050ED6A2B52A0F81033857D7C49069643869282
SHA256: A13985B87B5918D123072C7128E12DC28B0FCFD68383AFA6E1DA72A25BD781E0
SHA384: BBAB93A0213977F816D310412CCE6EFBCB438031AF74AE6FD8F4845FBFD623C59BF200E4328A68EF00B4488AD5BBA21B
SHA512: B9C115FD7F2C83B5DD8EDDFDA014F21CE211351AF69D5DB4D2C1166CF7DEC106C38F6A5EAF4344BB2F332C782CA8B00F05AFC352F835568239F0923577B9E291
---- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys ----
Company: Microsoft Corporation
File Description: ATAPI IDE Miniport Driver
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: atapi.sys
File Size: 19048
Created Time: 2006-11-02 10:25:06
Modified Time: 2006-11-02 09:49:36
Accessed Time: 2009-09-18 23:44:31
MD5: 4F4FCB8B6EA06784FB6D475B7EC7300F
SHA1: 42881A659B134E69CFABAC110F8512694BB5453B
SHA224: CE83A823C3609F7783A9ECAF6CCEB96EDA000FDB1EC11BC326E4D8A9
SHA256: 6202D85C9A75E3F01F5F94F069C4CD8A2B9295A182301EAE5940EC3BC2C1D896
SHA384: 5FAFFE71509D34773C1544BCA05D621F0045A4E47E49CE8BFA3F9E5EA3E326B16BC0FEF6AA20380556D4C9A7F00C435C
SHA512: DC8FDA3F10E80C6B7AEAC7FE7CC3FD76DE3A984221FA74A57182130A16C41AFA67D47B4A02C45A7063C9FF731A6C91B9E58E731280879ADEC08950C507022854
---- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys ----
Company: Microsoft Corporation
File Description: ATAPI IDE Miniport Driver
File Version: 6.0.6000.16632 (vista_gdr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: atapi.sys
File Size: 21560
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:55:09
MD5: B35CFCEF838382AB6490B321C87EDF17
SHA1: 7825AE543BA87A5AE0FDABB14BCCE8C1E046745A
SHA224: E3305AE559A5B8E61050ED6A2B52A0F81033857D7C49069643869282
SHA256: A13985B87B5918D123072C7128E12DC28B0FCFD68383AFA6E1DA72A25BD781E0
SHA384: BBAB93A0213977F816D310412CCE6EFBCB438031AF74AE6FD8F4845FBFD623C59BF200E4328A68EF00B4488AD5BBA21B
SHA512: B9C115FD7F2C83B5DD8EDDFDA014F21CE211351AF69D5DB4D2C1166CF7DEC106C38F6A5EAF4344BB2F332C782CA8B00F05AFC352F835568239F0923577B9E291
---- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys ----
Company: Microsoft Corporation
File Description: ATAPI IDE Miniport Driver
File Version: 6.0.6000.20757 (vista_ldr.080118-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: atapi.sys
File Size: 21560
Created Time: 2008-02-23 11:01:49
Modified Time: 2008-02-23 11:01:49
Accessed Time: 2009-09-18 23:55:10
MD5: E03E8C99D15D0381E02743C36AFC7C6F
SHA1: E6A7BD863E4C2C2A21D3B81BD7CE19E9A128AE2C
SHA224: 69DEEA42346E4A5AFF13E60B8698CC27C67296AC01748670D588FCA7
SHA256: 8217348674FC4D0C6D567FFC95B14DFD507F47C5A4728C2BA93D72C412E8527B
SHA384: 9E1338DAAA776AF987B94EF723BADEBDB18E7F849E0AB4820C718C8FBCEE601186736D99FFABCC53A4C1A8A0BA51E283
SHA512: 79401E70D1F7BF0C5B38893695A49BE0B4309B74536D5661DEB0CE607AC5A07F79485B6DD90FCEFC605B42CD01801C7A0D04185D079DCA3A4854A54FA8862ECD

 

[Blade81]

Hi,

One more check before the action.

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file check.bat, change the Save as type to all files and save it to your desktop.
Pev -filelook %windir%\acpi.sys or %windir%\acpi.sy_ >filelook2.txt
start filelook2.txt
del %0

Double-click on check.bat file to execute it. Post back the results.

 

[XvSiriusvX]

---- C:\Windows\System32\drivers\acpi.sys ----
Company: Microsoft Corporation
File Description: ACPI Driver for NT
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: ACPI.sys.mui
File Size: 258232
Created Time: 2008-02-23 11:06:06
Modified Time: 2008-02-23 11:06:06
Accessed Time: 2009-09-30 08:45:25
MD5: 84FC6DF81212D16BE5C4F441682FECCC
SHA1: 517FC2B40305EEAF2FAB9705A180709FAB244AE7
SHA224: 83B1CD2CA00EFC426E2A99F61755748BC179A56FAC429FE0BD9F143D
SHA256: 73F3BE94A98225A9F276C1A6C8BCA05571FF3BB012E7FF877F6C4AB11F62CBA0
SHA384: 8318B318BB6E47DAC1F54F618A60B8D4C045B72AB3C89634A943BFA544119084050490A25299BFBE4F9AE4429531C2B1
SHA512: 5EAB4F804F9CF871EE4FAA59E4B6BC665831C5FFDF6E906F0CDD216324E84E45F8EA6B47D1C396A7EFAF7E098C7A7CC375D8FBC477B7DADD9652B29CBA68FC11
---- C:\Windows\System32\DriverStore\FileRepository\acpi.inf_97916753\acpi.sys ----
Company: Microsoft Corporation
File Description: ACPI Driver for NT
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: ACPI.sys
File Size: 255592
Created Time: 2006-11-02 10:25:06
Modified Time: 2006-11-02 09:51:30
Accessed Time: 2009-09-18 23:44:09
MD5: 192BDBD1540645C4A2AA69F24CCE197F
SHA1: 5CA9062B497E7D0BDB04DA0395DF443646719F6E
SHA224: F129C8E011FEADDE0FCA5D25802A7D927600DFAC1EEA2CE385B300D8
SHA256: 96C2493DAE961E50A0D446B19CE28D5848450791867E17ABAA786506F906A9C2
SHA384: 7F5FC060E35AD6C3973FF357B23046979B58BF0C64AB741C11738C2BB9A4B20E6E51834D81F1E425F4D40C26684700AE
SHA512: 29FC59955D03DAA632B213DEB2DA06EB335F9CD6CDA93AB833D5C4703EB6CD79B54840862D3CA6B4F150AC3A3CAEB14EBB202EDA7508232FE5D60D2AEA5B42D1
---- C:\Windows\System32\DriverStore\FileRepository\acpi.inf_c74dd533\acpi.sys ----
Company: Microsoft Corporation
File Description: ACPI Driver for NT
File Version: 6.0.6000.16553 (vista_gdr.070830-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: ACPI.sys
File Size: 258232
Created Time: 2008-02-23 11:06:06
Modified Time: 2008-02-23 11:06:06
Accessed Time: 2009-09-18 23:44:09
MD5: 84FC6DF81212D16BE5C4F441682FECCC
SHA1: 517FC2B40305EEAF2FAB9705A180709FAB244AE7
SHA224: 83B1CD2CA00EFC426E2A99F61755748BC179A56FAC429FE0BD9F143D
SHA256: 73F3BE94A98225A9F276C1A6C8BCA05571FF3BB012E7FF877F6C4AB11F62CBA0
SHA384: 8318B318BB6E47DAC1F54F618A60B8D4C045B72AB3C89634A943BFA544119084050490A25299BFBE4F9AE4429531C2B1
SHA512: 5EAB4F804F9CF871EE4FAA59E4B6BC665831C5FFDF6E906F0CDD216324E84E45F8EA6B47D1C396A7EFAF7E098C7A7CC375D8FBC477B7DADD9652B29CBA68FC11
---- C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\acpi.sys ----
Company: Microsoft Corporation
File Description: ACPI Driver for NT
File Version: 6.0.6000.16553 (vista_gdr.070830-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: ACPI.sys
File Size: 258232
Created Time: 2008-02-23 11:06:06
Modified Time: 2008-02-23 11:06:06
Accessed Time: 2009-09-18 23:51:30
MD5: 84FC6DF81212D16BE5C4F441682FECCC
SHA1: 517FC2B40305EEAF2FAB9705A180709FAB244AE7
SHA224: 83B1CD2CA00EFC426E2A99F61755748BC179A56FAC429FE0BD9F143D
SHA256: 73F3BE94A98225A9F276C1A6C8BCA05571FF3BB012E7FF877F6C4AB11F62CBA0
SHA384: 8318B318BB6E47DAC1F54F618A60B8D4C045B72AB3C89634A943BFA544119084050490A25299BFBE4F9AE4429531C2B1
SHA512: 5EAB4F804F9CF871EE4FAA59E4B6BC665831C5FFDF6E906F0CDD216324E84E45F8EA6B47D1C396A7EFAF7E098C7A7CC375D8FBC477B7DADD9652B29CBA68FC11
---- C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.20672_none_20e27162ea35d73f\acpi.sys ----
Company: Microsoft Corporation
File Description: ACPI Driver for NT
File Version: 6.0.6000.20672 (vista_ldr.070830-1500)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original file name: ACPI.sys
File Size: 258232
Created Time: 2008-02-23 11:06:06
Modified Time: 2008-02-23 11:06:06
Accessed Time: 2009-09-18 23:51:30
MD5: 2F9073FDE68F6CD623EC6340DB0763BE
SHA1: CB028200876E33C3D2D24747E34599E6015212ED
SHA224: 125968F3F494BAF55DC0FFAEB968E52094CDA36A3E47768619E444CB
SHA256: DADADCDCBDC98F48C56E32CD84610E7D481506F1B164727A1D1A4D406898FC36
SHA384: D219BBC06978E4FB553D7AA21930FDF11BF0F27F191D128701DB0F8BDAB7AEA544B1A197A67DCF3471E71676208D2A82
SHA512: B478FFD7985BD8037C9272226B929A8F5B2EA8F4374C79914DA6EA72BE2F35B7A18EB6237D83408D55E0BDF03E85D96BC649A0A6B393A1B6691B19FC9799AA7F

 

[Blade81]

Hi,

Open notepad and then copy and paste the lines in the codebox below into it. Go to File > save as and name the file fix.bat, change the Save as type to all files and save it to the root of your c: drive (c:\fix.bat).

@echo off
ren C:\Windows\System32\drivers\atapi.sys C:\Windows\System32\drivers\atapi.sys.bad >>c:\logit.txt
copy /y C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys C:\Windows\System32\drivers\atapi.sys >>c:\logit.txt
ren C:\Windows\System32\drivers\acpi.sys C:\Windows\System32\drivers\acpi.sys.bad >>c:\logit.txt
copy /y C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.0.6000.16553_none_206f74b9d10718ea\acpi.sys C:\Windows\System32\drivers\acpi.sys >>c:\logit.txt
del %0

Have Hiren's BootCD inserted in and reboot the system having CD/DVD drive as boot device #1 (set that in BIOS if needed). You should see Hiren's BootCD menu with different boot options. Select "Start Mini Windows Xp" option.

When desktop opens, double-click Command Prompt icon there to enter command prompt. In command prompt, write c:\fix.bat and press enter. When finished, reboot the system back to normal mode. Post back contents of c:\logit.txt file.

 

[XvSiriusvX]

Upon executing the command, it said 'Invalid syntax of command' a few times then 'Batch file cannot be found'.

Here is the logit contents -

1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
1 file(s) copied.

 

[Blade81]

Upon executing the command, it said 'Invalid syntax of command' a few times then 'Batch file cannot be found'.

Hi,

Had you created fix.bat prior entering the bootcd and running the batch?

Run Malwarebytes' Anti-Malware and post back its report.

 

[XvSiriusvX]

Yes, I created it, put it in C:\, then rebooted in the mini xp to execute it. Here are the MBAM results, after updating to the newest definitions.

Malwarebytes' Anti-Malware 1.41
Database version: 2899
Windows 6.0.6000

10/3/2009 7:52:13 AM
mbam-log-2009-10-03 (07-52-13).txt

Scan type: Quick Scan
Objects scanned: 90353
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[XvSiriusvX]

Weird, a full scan resulted in this log -


Malwarebytes' Anti-Malware 1.41
Database version: 2899
Windows 6.0.6000

10/3/2009 5:11:07 PM
mbam-log-2009-10-03 (17-11-07).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 387424
Time elapsed: 2 hour(s), 13 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\32788R22FWJFW\Combo-Fix.sys (Worm.Agent) -> Quarantined and deleted successfully.
C:\ComboFix\Combo-Fix.sys (Worm.Agent) -> Quarantined and deleted successfully.

 

[Blade81]

Hi,

Delete your old ComboFix version. Then get a fresh one to your desktop from one of these two links:
Link 1
Link 2

Then see if you're able to run it.

 

[XvSiriusvX]

It seems that now that the tdlwsp.dll or whatever that rootkit dll was has been removed, Combofix works once again. Upon installing the new version, it worked flawlessly again as in the past. Here is the log -


ComboFix 09-10-01.05 - God 10/04/2009 4:58.21.2 - NTFSx86
Running from: c:\users\God\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\xusyzoxov.bat
c:\users\God\AppData\Roaming\Microsoft\Windows\Cookies\awur._dl
c:\users\God\AppData\Roaming\Microsoft\Windows\Cookies\jykucuta._dl
c:\users\God\AppData\Roaming\Microsoft\Windows\Cookies\qojiciri.pif
c:\users\God\AppData\Roaming\uxena.inf
c:\users\Public\Documents\ixom.bat
c:\windows\Installer\1842a.msi
c:\windows\jestertb.dll
c:\windows\system32\mehos.bat
c:\windows\system32\utehadan.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-04 12:08 . 2009-10-04 12:13 -------- d-----w- c:\users\God\AppData\Local\temp
2009-10-04 12:08 . 2009-10-04 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-03 08:54 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-27 01:03 . 2009-09-27 01:06 680 ----a-w- c:\users\God\AppData\Local\d3d9caps.dat
2009-09-26 04:20 . 2009-09-26 04:54 -------- d-----w- c:\program files\Warcraft III Non-Patched
2009-09-18 17:44 . 2009-09-19 21:44 -------- d-----w- c:\users\God\AppData\Local\Adobe
2009-09-17 23:10 . 2009-09-17 23:10 -------- d-----w- C:\found.001
2009-09-17 18:32 . 2009-09-17 18:32 -------- d-----w- c:\program files\Trend Micro
2009-09-17 18:11 . 2009-09-17 18:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-09-17 18:11 . 2009-09-18 13:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-17 18:11 . 2009-09-17 18:11 -------- d-----w- c:\users\God\AppData\Roaming\SUPERAntiSpyware.com
2009-09-17 05:28 . 2009-09-17 05:28 -------- d-----w- c:\program files\Alwil Software
2009-09-16 22:28 . 2009-09-16 22:28 -------- d-----w- C:\Autoruns
2009-09-16 21:21 . 2009-09-16 21:21 70656 ----a-w- c:\windows\system32\drivers\wtfrxqfqwajwrlev.sys
2009-09-16 21:02 . 2009-10-03 01:28 -------- d-----w- c:\users\God\Tracing
2009-09-16 21:01 . 2009-09-16 21:01 -------- d-----w- c:\program files\Microsoft
2009-09-16 21:01 . 2009-09-16 21:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 21:00 . 2009-09-16 21:01 -------- d-----w- c:\program files\Windows Live
2009-09-16 20:59 . 2009-09-16 20:59 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 04:23 . 2007-05-01 19:13 95967 ----a-w- c:\windows\War3Unin.dat
2009-09-26 04:23 . 2007-05-01 19:13 2829 ----a-w- c:\windows\War3Unin.pif
2009-09-26 04:23 . 2007-05-01 19:13 126976 ----a-w- c:\windows\War3Unin.exe
2009-09-26 04:16 . 2007-05-01 19:10 -------- d-----w- c:\program files\Warcraft III
2009-09-23 19:20 . 2007-05-01 17:59 -------- d-----w- c:\program files\BitTorrent
2009-09-23 19:20 . 2009-04-20 02:13 -------- d-----w- c:\program files\BitLord
2009-09-18 22:50 . 2008-11-12 02:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 20:42 . 2007-02-09 14:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-17 20:42 . 2007-02-09 14:33 -------- d-----w- c:\programdata\Symantec
2009-09-17 20:41 . 2007-02-09 14:33 -------- d-----w- c:\program files\Symantec
2009-09-17 18:10 . 2009-02-19 01:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-11 08:40 . 2008-05-10 09:38 -------- d-----w- c:\program files\DOSBox-0.72
2009-09-10 21:54 . 2008-11-12 02:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2008-11-12 02:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 06:54 . 2007-02-09 13:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 06:53 . 2009-09-02 06:53 -------- d-----w- c:\program files\Linksys
2009-09-02 06:22 . 2009-09-02 06:22 -------- d-----w- c:\program files\Dynex G USB Network Adapter
2009-08-30 01:02 . 2009-08-30 01:02 -------- d-----w- c:\program files\EASEUS
2009-08-21 23:15 . 2009-08-21 23:15 -------- d-----w- c:\users\God\AppData\Roaming\RayV
2009-08-21 23:14 . 2009-08-21 23:14 -------- d-----w- c:\program files\RayV
2009-08-21 02:32 . 2009-08-21 02:32 -------- d-----w- c:\program files\Photo Album
2009-08-18 02:10 . 2008-05-13 09:42 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-18 02:10 . 2007-02-09 14:15 -------- d-----w- c:\programdata\Microsoft Help
2009-08-18 02:06 . 2009-08-18 02:03 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-08-18 02:04 . 2009-08-18 02:03 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-08-18 02:00 . 2009-08-18 02:00 -------- d-----w- c:\program files\Microsoft SDKs
2009-08-18 01:57 . 2009-08-18 01:57 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-18 01:57 . 2009-08-18 01:57 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-18 01:57 . 2009-08-18 01:57 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-18 01:57 . 2009-08-18 01:57 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-18 01:57 . 2009-08-18 01:57 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-18 01:57 . 2009-08-18 01:57 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-18 01:57 . 2009-08-18 01:57 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-18 01:45 . 2009-08-18 01:45 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-18 01:45 . 2009-08-18 01:45 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-18 01:45 . 2009-08-18 01:45 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-18 01:45 . 2009-08-18 01:45 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-18 01:45 . 2009-08-18 01:45 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-17 04:43 . 2007-05-17 01:36 -------- d-----w- c:\program files\Starcraft
2009-08-16 18:45 . 2009-08-16 18:45 -------- d-----w- c:\program files\Western Digital Corporation
2009-08-15 08:33 . 2009-08-15 08:20 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-08-14 19:57 . 2009-08-14 19:57 18352 ----a-w- c:\program files\Common Files\ikalum.db
2009-08-14 19:57 . 2009-08-14 19:57 16592 ----a-w- c:\windows\kegogasyd.dat
2009-08-14 19:57 . 2009-08-14 19:57 15851 ----a-w- c:\windows\axoc.dat
2009-08-14 19:57 . 2009-08-14 19:57 15446 ----a-w- c:\programdata\ivikavy.dat
2009-08-14 19:57 . 2009-08-14 19:57 13892 ----a-w- c:\windows\yziha.dat
2009-08-14 19:57 . 2009-08-14 19:57 12219 ----a-w- c:\program files\Common Files\cucyv.sys
2009-08-14 19:57 . 2009-08-14 19:57 10872 ----a-w- c:\windows\zefilenyg.bin
2009-08-14 19:57 . 2009-08-14 19:57 10084 ----a-w- c:\program files\Common Files\uwyvi.pif
2009-08-11 21:42 . 2009-08-11 21:42 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-08-11 17:07 . 2009-08-11 17:07 -------- d-----w- c:\program files\WinUndelete
2009-07-26 23:44 . 2009-07-26 23:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-03-14 21:19 . 2009-03-14 21:19 160 ----a-w- c:\program files\yqiq.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-10 90192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-10 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-10 81920]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=c:\windows\pss\GetRight - Tray Icon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^God^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=c:\users\God\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNK.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{26196EA3-C3A5-4E52-8639-378CCD48E919}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8ED9198E-88E9-4FC6-A175-5D370491351E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3E40D532-807E-4817-82AF-9663E6904A7B}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{DE06A27E-4C43-4096-BC87-2F3F35BE3663}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{517C1DF7-3350-4623-BDD0-A089F7280BB8}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{B6907B4A-B2F2-4B9A-8E9F-86A900A77496}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{BAACC9BF-2F2D-4B3F-BD97-7943549C16EF}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{C0732967-EBA3-4692-9101-6441CE90F3EC}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{92D16FFE-3827-4167-A697-96922BC60EFA}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{A974D757-AF29-4889-A452-DA741D2938B3}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0BE2B827-0842-432D-A6B5-19989399CDF8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{24EE35E3-1883-439B-A1BF-E16011E8ACEB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8538C621-E095-4FA6-8750-47507F1012E7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7F377FE4-F98D-42AC-B5D8-EEE41A80F757}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{71EB98AF-4B7D-4682-B743-4E55C7565689}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{8D16B031-CCC0-4ACA-BDAB-9E67DE736150}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{8F774461-2148-432A-AD4C-1C4960DBD8C7}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"TCP Query User{C67FD11B-98A8-4652-842F-3DACD89DF1CE}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{0DF37492-8985-41CD-9C73-67866005EBE5}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{9C8EB56E-238A-47FD-B6ED-4E6F55D55E88}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{62C0404B-B635-488E-9407-E97E8FCB53FB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{2980634D-BBB1-4C0C-8327-C55CA39F4A01}"= c:\program files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"TCP Query User{8D09BB90-2412-41A9-A7CD-E4B774D11A03}c:\\users\\god\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\god\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{64FBB2A3-E4B4-4DEE-AF5C-D5A6E81C8A1F}c:\\users\\god\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\god\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{B355E7D4-36F8-4A85-87F8-E60C5286D796}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= UDP:c:\program files\electronic arts\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{DFD3318C-4A61-413E-8584-5240FFE199FA}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= TCP:c:\program files\electronic arts\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{9BED35EE-C58A-4F9D-B77C-28F1EE38E555}c:\\westwood\\dune2000\\dune2000.dat"= UDP:c:\westwood\dune2000\dune2000.datune2000
"UDP Query User{4C415A29-DAF5-4ACE-9C70-9E466A64313E}c:\\westwood\\dune2000\\dune2000.dat"= TCP:c:\westwood\dune2000\dune2000.datune2000
"TCP Query User{79F6DAC0-A615-4B77-A58B-A81EBE7EAD52}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{FE2A8E6D-57E7-49D0-8764-533B5739FE92}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{5A5FF2C5-2AF8-4EA3-961D-C59D281B0A81}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{75DEDAE8-304F-439E-9B40-BB795FC0DA5F}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{ED462B4F-72A5-418F-A095-4CD413950288}"= UDP:6112:B.net
"{F182C4DC-0749-4E00-8BCB-B03B0375D48B}"= UDP:6113:B.net
"{ED638FC2-26F9-415F-A771-208E013E4BEB}"= UDP:6114:B.net
"{06776857-3006-4012-948C-9DF739117DF0}"= UDP:6115:B.net
"{080171F4-F98B-4B34-9774-7F6259FED636}"= UDP:6116:B.net
"{0EAA7923-29EA-4CBB-9134-790BC026009B}"= UDP:6117:B.net
"{977AA017-F67D-4690-BB09-01BBEC10A0AE}"= UDP:6118:B.net
"{2699B3E2-0E72-4841-B546-B621ED6CFD58}"= UDP:6119:B.net
"{8E59963D-D832-4626-BDCD-D4CDCF717DBF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E2E03474-BDDE-420C-BDB4-36AA1E7E7A6D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{50EC4FC5-181A-46DD-879A-34BD2D3D63E7}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9C1C0D33-9796-40F6-AA10-4DD82412A33D}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{21F02CC3-8343-4144-89B2-48DDB47055E0}"= UDP:c:\program files\EA Games\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{28B26B33-D918-4803-BECF-6E03C171BD4F}"= TCP:c:\program files\EA Games\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"TCP Query User{5227F75F-3ED6-4B01-9A81-46189D2E8B9F}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{31C2E7D3-E668-4462-9D40-FF08E1578C82}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"{B7B47648-2FFB-4B3F-A133-12BF51510F30}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{BF1F0559-A45F-47C8-AC45-13A40415B40C}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"TCP Query User{92E69FF4-225C-46AB-ACF0-3AD19046FD89}c:\\program files\\ea games\\the battle for middle-earth (tm)\\patchget.dat"= UDP:c:\program files\ea games\the battle for middle-earth (tm)\patchget.datatchgrabber
"UDP Query User{EA65CE03-2EC0-4144-A462-16CE734037C2}c:\\program files\\ea games\\the battle for middle-earth (tm)\\patchget.dat"= TCP:c:\program files\ea games\the battle for middle-earth (tm)\patchget.datatchgrabber
"TCP Query User{9D40094E-5988-4AA4-91AD-B392D5E96CD6}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{7C0300AD-6FDC-41C2-A3F9-FC9A089CCD88}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"TCP Query User{B4C7D793-5666-49DA-8C97-26FCEC48A2D1}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{9D94ECDC-EA9B-4290-B246-45B5BC2E667F}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{893962B6-17E1-4778-ADEB-564E7A5984CA}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exeC++
"UDP Query User{C16419D7-AB6E-499F-A762-7BACCB74BEC2}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exeC++
"{9357DA39-01ED-4395-BD05-9F354711F7E9}"= UDP:7845C Port
"{A93001A3-3C11-472A-A248-6235F2739E91}"= TCP:7845C ++ Port 2
"TCP Query User{34F3FBFC-A008-4310-A27E-B15439F5B33D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{48C4016F-CCCA-4579-9402-B6F5363AB0B8}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{F46AB807-9F8E-4363-BB51-C979599CC875}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exeC++
"UDP Query User{16971444-4BC2-49A2-A958-C0726C8D584A}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exeC++
"{713F0E2B-D1B8-4B42-8AA7-2338C8F300CE}"= UDP:15000C ++ other port
"{0FE9D131-7432-4175-B59C-1D030938F67F}"= TCP:15000C ++ other port 2
"{673D4604-243B-4C43-B44F-A1E9A2A2E59B}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{FF65BDD6-4BF6-4FC0-A1FD-93C32D408410}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{512EAE54-D761-48C3-8CD2-D71441C1599F}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{7EAE77F3-055A-410D-B847-94F5AA1C7C36}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{6CC96A6D-EFEC-47C9-B9C1-E4E07EFC49BD}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{434C1B63-FD30-43F1-A356-8E6AB88E4D75}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{0DF9CFF0-164B-4A48-BD93-2E6D0BEF0990}"= Disabled:UDP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{66FA5505-E381-41ED-AC85-1EFA5134516B}"= Disabled:TCP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{B3DBDE79-CBDA-4207-B144-4B706091584C}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= UDP:c:\program files\electronic arts\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{C8E858EF-3A3E-47B7-B391-F76942F06436}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= TCP:c:\program files\electronic arts\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{947C9B61-CDF0-48D5-850B-290D28469D8E}c:\\users\\god\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\god\appdata\local\temp\electronicarts_patcher_000.exe:Command and Conquer 3 Tiberium Wars™ Launcher
"UDP Query User{F2AF3FB1-846A-48FC-8C70-A27DB3605BA0}c:\\users\\god\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\god\appdata\local\temp\electronicarts_patcher_000.exe:Command and Conquer 3 Tiberium Wars™ Launcher
"{E8CF3913-9046-440B-84DF-42314CC18153}"= TCP:6112:BNET
"TCP Query User{8B8C899B-B1DD-4B3F-BABB-E9B3C1A9F14B}c:\\program files\\njstar communicator\\minismtp.exe"= UDP:c:\program files\njstar communicator\minismtp.exe:NJStar Mini SMTP Server
"UDP Query User{7B73ED02-C529-42EB-ACAB-54BB2E0AAE64}c:\\program files\\njstar communicator\\minismtp.exe"= TCP:c:\program files\njstar communicator\minismtp.exe:NJStar Mini SMTP Server
"{C85D37A4-F163-425F-BC6C-8D72A4AA6302}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{53326890-DDFD-4C3B-83E6-7F322C97EC6C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3A7FA16F-BB5F-4830-87C4-3C9873684389}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{18AD9FB3-1476-4428-8FA7-2484B4428977}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FDE982CC-3FF6-4217-A607-6C0AC6711901}c:\\program files\\ea games\\red alert 3 beta\\retailexe\\1.2\\ra3game.dat"= UDP:c:\program files\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat:Command and Conquer Red Alert 3™
"UDP Query User{76D857FD-DEDE-4451-8C05-B21E5EE5A206}c:\\program files\\ea games\\red alert 3 beta\\retailexe\\1.2\\ra3game.dat"= TCP:c:\program files\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat:Command and Conquer Red Alert 3™
"{DFD69AE9-8EC7-496F-BA97-9B508AB01BE8}"= c:\program files\Electronic Arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
"TCP Query User{E9B84F8C-F03A-4531-9511-9EAEAF5F3BEA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0BB8F4DA-1AF5-46F7-B262-C147FB85CCFF}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BF584BCB-3844-4D11-BD70-033FF72C0B83}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{D76375EF-7C03-43D6-8244-D258323B8535}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{B3B70193-33E8-4678-BD30-4DA162DFCC6E}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{E1ABFCCE-8E52-4E4E-B2C7-95F8F101E16E}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.3.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.3.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{E877B667-D13D-4914-AFAB-D84C4DB0A9E1}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.3.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.3.game:Command & Conquer™ Red Alert™ 3
"TCP Query User{23F824E7-C03A-4F5E-BEBC-B5468C0F77EE}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{2DDB33C0-6E46-41BB-9092-957A7F7495DB}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{EC50BF5D-9B86-4CDB-A927-91021458DC8C}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{6D376A83-783A-4015-B844-B95544A7FA2B}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{E8B56CA2-3095-48AE-BBE6-58CE5878FE41}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{DBB01B00-17C5-4ADA-873C-38BF70128375}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{C3D0CA3A-B4E1-4507-ADFA-73A767520D13}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{7550AD99-DF57-4C40-8084-8AF683D06AFD}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{52DC1ECA-1454-4C8B-A2AB-2E3BE589196A}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{96C70FE3-2A7B-4637-A4B7-9CC883CBB872}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{68926876-C642-4F89-9B29-20EA7C23B817}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{CA37B39A-32DE-41A3-A646-EB69D6F69D61}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{C0572B0B-D866-47D7-8406-265DE452095C}"= UDP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{A1C2F8DE-E250-4656-B932-0D556E0C5881}"= TCP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"TCP Query User{63DE352C-C19B-4541-94A2-29AF412F0CAE}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{2203490D-7DC9-44E5-AEA6-6B187EB11B69}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{647301F6-B2B7-4926-B3E2-4E52FB285E0D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{11267CD2-4495-43B4-AE53-6BCA294A6EE6}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{377E4EE4-42F7-4A9D-97B6-0E3BBDB44DD9}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{08F6C6E2-281B-4FDC-9B80-A0570FC4A320}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{84AF128E-CC39-453F-B5D8-D0875F19BA3C}"= UDP:c:\program files\RayV\RayV\RayV.exe:RayV
"{8505BF10-5FA0-4EE1-AD75-3A7EB94F5C19}"= TCP:c:\program files\RayV\RayV\RayV.exe:RayV
"{2350FC20-8D2F-4C32-AA9C-90599F71D985}"= UDP:c:\program files\RayV\RayV\RayV.dll:RayV
"{BE75D9DF-653F-4BB0-BE00-BF841290C1CD}"= TCP:c:\program files\RayV\RayV\RayV.dll:RayV
"{A42FE5EE-A73B-4678-A948-717F22080F8D}"= UDP:c:\program files\RayV\RayV\RayV.exe:RayV
"{3EB6883C-BF3D-42E8-B9C4-CEDA44747A01}"= TCP:c:\program files\RayV\RayV\RayV.exe:RayV
"{7EA00B2A-7CB5-4188-A704-4D757958598C}"= UDP:c:\program files\RayV\RayV\RayV.dll:RayV
"{B83C1EFD-AFD2-4777-8003-3BE2D3BB60AB}"= TCP:c:\program files\RayV\RayV\RayV.dll:RayV
"{25C44D16-E180-4D82-B04E-90C76CDB572C}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:Blizzard Downloader
"{0F2BBE2C-4977-4A97-AF10-DEAF7F0612FE}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R3 dhdusb.NTx86;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\DRIVERS\bcmusbdhdlh.sys [2007-09-20 241656]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 202872]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-15 570880]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-04 7408]
R3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\Drivers\xbreader.sys [2001-01-03 19677]
R4 gupdate1c990d4364974e0;Google Update Service (gupdate1c990d4364974e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-03-30 38448]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-04 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-04 74480]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-01-15 354432]

.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {02E6CBA4-8781-47F5-A589-BF56C1769B39} = 205.171.3.65,205.171.2.65
TCP: {4829F261-888A-41AF-B8E6-A3CE273A9ECE} = 205.171.3.65,205.171.2.65
TCP: {661F7C4B-287E-424C-A54C-D9FD73AE460E} = 205.171.3.65,205.171.2.65
FF - ProfilePath - c:\users\God\AppData\Roaming\Mozilla\Firefox\Profiles\sc4c04ev.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 05:12
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4058141398-2658812619-3498018259-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5f,29,67,a9,75,a2,b3,77,65,ad,bf,61,e6,a0,bd,15,62,bc,a2,80,e9,ee,13,
e5,7d,8c,f3,cb,a6,42,a2,b9,36,3e,59,cf,4e,22,b5,70,4e,8e,e7,36,4a,06,21,1d,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-4058141398-2658812619-3498018259-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:2a,13,5d,6e,ce,57,de,f2,ab,e8,5e,65,61,84,e9,be,f4,ce,de,04,4d,
b5,e4,74,c3,96,33,cd,0b,7d,3e,da,9b,3f,ab,aa,7e,55,a6,b8,27,ab,4f,97,c6,88,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-10-04 5:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-04 12:17

Pre-Run: 27,246,194,688 bytes free
Post-Run: 27,142,557,696 bytes free

375 --- E O F --- 2008-02-23 11:06




I am still wondering about this c:\windows\system32\drivers\wtfrxqfqwajwrlev.sys that was created the day my machine went haywire...what is it, and should it still be removed?

 

[Blade81]

Hi,

We'll nuke that file.


Open notepad and copy/paste the text in the quotebox below into it:

http://forums.spybot.info/showthread.php?p=339975#post339975
Collect::
c:\windows\system32\drivers\wtfrxqfqwajwrlev.sys
c:\program files\Common Files\ikalum.db
c:\windows\kegogasyd.dat
c:\windows\axoc.dat
c:\programdata\ivikavy.dat
c:\windows\yziha.dat
c:\program files\Common Files\cucyv.sys
c:\windows\zefilenyg.bin
c:\program files\Common Files\uwyvi.pif
c:\windows\system32\sirenacm.dll
c:\program files\yqiq.txt
Folder::
c:\program files\BitTorrent
c:\program files\BitLord
c:\program files\uTorrent
c:\program files\dc++
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C67FD11B-98A8-4652-842F-3DACD89DF1CE}c:\\program files\\bittorrent\\bittorrent.exe"=-
"UDP Query User{0DF37492-8985-41CD-9C73-67866005EBE5}c:\\program files\\bittorrent\\bittorrent.exe"=-
"TCP Query User{5227F75F-3ED6-4B01-9A81-46189D2E8B9F}c:\\program files\\bittorrent\\bittorrent.exe"=-
"UDP Query User{31C2E7D3-E668-4462-9D40-FF08E1578C82}c:\\program files\\bittorrent\\bittorrent.exe"=-
"TCP Query User{893962B6-17E1-4778-ADEB-564E7A5984CA}c:\\program files\\dc++\\dcplusplus.exe"=-
"UDP Query User{C16419D7-AB6E-499F-A762-7BACCB74BEC2}c:\\program files\\dc++\\dcplusplus.exe"=-
"{9357DA39-01ED-4395-BD05-9F354711F7E9}"=-
"{A93001A3-3C11-472A-A248-6235F2739E91}"=-
"TCP Query User{F46AB807-9F8E-4363-BB51-C979599CC875}c:\\program files\\dc++\\dcplusplus.exe"=-
"UDP Query User{16971444-4BC2-49A2-A958-C0726C8D584A}c:\\program files\\dc++\\dcplusplus.exe"=-
"{713F0E2B-D1B8-4B42-8AA7-2338C8F300CE}"=-
"{0FE9D131-7432-4175-B59C-1D030938F67F}"=-
"{3A7FA16F-BB5F-4830-87C4-3C9873684389}"=-
"{18AD9FB3-1476-4428-8FA7-2484B4428977}"=-
"TCP Query User{63DE352C-C19B-4541-94A2-29AF412F0CAE}c:\\program files\\bitlord\\bitlord.exe"=-
"UDP Query User{2203490D-7DC9-44E5-AEA6-6B187EB11B69}c:\\program files\\bitlord\\bitlord.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe. You'll be asked to submit some samples during the process.
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.1 + updates 9.1.2 and 9.1.3 for it) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

 

[XvSiriusvX]

k ran Combofix, then followed the other instructions as given. Here are the resulting logs -

ComboFix 09-10-01.05 - God 10/04/2009 17:01.22.2 - NTFSx86
Running from: c:\users\God\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

file zipped: c:\program files\Common Files\cucyv.sys
file zipped: c:\program files\Common Files\ikalum.db
file zipped: c:\program files\Common Files\uwyvi.pif
file zipped: c:\program files\yqiq.txt
file zipped: c:\programdata\ivikavy.dat
file zipped: c:\windows\axoc.dat
file zipped: c:\windows\kegogasyd.dat
file zipped: c:\windows\system32\drivers\wtfrxqfqwajwrlev.sys
file zipped: c:\windows\system32\sirenacm.dll
file zipped: c:\windows\yziha.dat
file zipped: c:\windows\zefilenyg.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BitLord
c:\program files\BitLord\BitLord.xml
c:\program files\BitLord\Downloads.xml
c:\program files\BitLord\lang\lang_ar_ae.xml
c:\program files\BitLord\lang\lang_bg_bg.xml
c:\program files\BitLord\lang\lang_ca_es.xml
c:\program files\BitLord\lang\lang_cz_cz.xml
c:\program files\BitLord\lang\lang_da_dk.xml
c:\program files\BitLord\lang\lang_de_de.xml
c:\program files\BitLord\lang\lang_el_gr.xml
c:\program files\BitLord\lang\lang_en_us.xml
c:\program files\BitLord\lang\lang_es_ar.xml
c:\program files\BitLord\lang\lang_es_es.xml
c:\program files\BitLord\lang\lang_et_ee.xml
c:\program files\BitLord\lang\lang_fi_fi.xml
c:\program files\BitLord\lang\lang_fr_fr.xml
c:\program files\BitLord\lang\lang_gl_es.xml
c:\program files\BitLord\lang\lang_he_il.xml
c:\program files\BitLord\lang\lang_hu_hu.xml
c:\program files\BitLord\lang\lang_it_it.xml
c:\program files\BitLord\lang\lang_jp_jp.xml
c:\program files\BitLord\lang\lang_ko_kr.xml
c:\program files\BitLord\lang\lang_nb_no.xml
c:\program files\BitLord\lang\lang_nl_nl.xml
c:\program files\BitLord\lang\lang_pl_pl.xml
c:\program files\BitLord\lang\lang_pt_br.xml
c:\program files\BitLord\lang\lang_pt_pt.xml
c:\program files\BitLord\lang\lang_ro_ro.xml
c:\program files\BitLord\lang\lang_ru_ru.xml
c:\program files\BitLord\lang\lang_sk_sk.xml
c:\program files\BitLord\lang\lang_sl_si.xml
c:\program files\BitLord\lang\lang_sr_sr.xml
c:\program files\BitLord\lang\lang_sv_se.xml
c:\program files\BitLord\lang\lang_th_th.xml
c:\program files\BitLord\lang\lang_tr_tr.xml
c:\program files\BitLord\lang\lang_va_es.xml
c:\program files\BitLord\lang\lang_zh_tw.xml
c:\program files\BitLord\rules\ipfilter.dat
c:\program files\BitTorrent
c:\program files\BitTorrent\addrmap.dat
c:\program files\BitTorrent\plugin.inf
c:\program files\DC++\changelog.txt
c:\program files\DC++\dbghelp.dll
c:\program files\DC++\DCPlusPlus.chm
c:\program files\DC++\DCPlusPlus.exe
c:\program files\DC++\dcppboot.xml
c:\program files\DC++\Example.xml
c:\program files\DC++\License.txt
c:\program files\DC++\LICENSE-GeoIP.txt
c:\program files\DC++\LICENSE-OpenSSL.txt
c:\program files\DC++\magnet.exe
c:\program files\DC++\mingwm10.dll
c:\program files\DC++\unicows.dll
c:\program files\DC++\uninstall.exe
c:\program files\Common Files\cucyv.sys
c:\program files\Common Files\ikalum.db
c:\program files\Common Files\uwyvi.pif
c:\program files\yqiq.txt
c:\programdata\ivikavy.dat
c:\windows\axoc.dat
c:\windows\kegogasyd.dat
c:\windows\system32\drivers\wtfrxqfqwajwrlev.sys
c:\windows\system32\sirenacm.dll
c:\windows\yziha.dat
c:\windows\zefilenyg.bin

.
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.

2009-10-05 00:07 . 2009-10-05 00:07 -------- d-----w- c:\users\God\AppData\Local\temp
2009-10-05 00:07 . 2009-10-05 00:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-05 00:07 . 2009-10-05 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-03 08:54 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-27 01:03 . 2009-09-27 01:06 680 ----a-w- c:\users\God\AppData\Local\d3d9caps.dat
2009-09-26 04:20 . 2009-09-26 04:54 -------- d-----w- c:\program files\Warcraft III Non-Patched
2009-09-18 17:44 . 2009-09-19 21:44 -------- d-----w- c:\users\God\AppData\Local\Adobe
2009-09-17 23:10 . 2009-09-17 23:10 -------- d-----w- C:\found.001
2009-09-17 18:32 . 2009-09-17 18:32 -------- d-----w- c:\program files\Trend Micro
2009-09-17 18:11 . 2009-09-17 18:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-09-17 18:11 . 2009-09-18 13:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-17 18:11 . 2009-09-17 18:11 -------- d-----w- c:\users\God\AppData\Roaming\SUPERAntiSpyware.com
2009-09-17 05:28 . 2009-09-17 05:28 -------- d-----w- c:\program files\Alwil Software
2009-09-16 22:28 . 2009-09-16 22:28 -------- d-----w- C:\Autoruns
2009-09-16 21:02 . 2009-10-03 01:28 -------- d-----w- c:\users\God\Tracing
2009-09-16 21:01 . 2009-09-16 21:01 -------- d-----w- c:\program files\Microsoft
2009-09-16 21:01 . 2009-09-16 21:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 21:00 . 2009-09-16 21:01 -------- d-----w- c:\program files\Windows Live
2009-09-16 20:59 . 2009-09-16 20:59 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 04:23 . 2007-05-01 19:13 95967 ----a-w- c:\windows\War3Unin.dat
2009-09-26 04:23 . 2007-05-01 19:13 2829 ----a-w- c:\windows\War3Unin.pif
2009-09-26 04:23 . 2007-05-01 19:13 126976 ----a-w- c:\windows\War3Unin.exe
2009-09-26 04:16 . 2007-05-01 19:10 -------- d-----w- c:\program files\Warcraft III
2009-09-18 22:50 . 2008-11-12 02:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 20:42 . 2007-02-09 14:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-17 20:42 . 2007-02-09 14:33 -------- d-----w- c:\programdata\Symantec
2009-09-17 20:41 . 2007-02-09 14:33 -------- d-----w- c:\program files\Symantec
2009-09-17 18:10 . 2009-02-19 01:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-11 08:40 . 2008-05-10 09:38 -------- d-----w- c:\program files\DOSBox-0.72
2009-09-10 21:54 . 2008-11-12 02:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2008-11-12 02:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 06:54 . 2007-02-09 13:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-02 06:53 . 2009-09-02 06:53 -------- d-----w- c:\program files\Linksys
2009-09-02 06:22 . 2009-09-02 06:22 -------- d-----w- c:\program files\Dynex G USB Network Adapter
2009-08-30 01:02 . 2009-08-30 01:02 -------- d-----w- c:\program files\EASEUS
2009-08-21 23:15 . 2009-08-21 23:15 -------- d-----w- c:\users\God\AppData\Roaming\RayV
2009-08-21 23:14 . 2009-08-21 23:14 -------- d-----w- c:\program files\RayV
2009-08-21 02:32 . 2009-08-21 02:32 -------- d-----w- c:\program files\Photo Album
2009-08-18 02:10 . 2008-05-13 09:42 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-18 02:10 . 2007-02-09 14:15 -------- d-----w- c:\programdata\Microsoft Help
2009-08-18 02:06 . 2009-08-18 02:03 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-08-18 02:04 . 2009-08-18 02:03 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-08-18 02:00 . 2009-08-18 02:00 -------- d-----w- c:\program files\Microsoft SDKs
2009-08-18 01:57 . 2009-08-18 01:57 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-08-18 01:57 . 2009-08-18 01:57 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-08-18 01:57 . 2009-08-18 01:57 11264 ----a-w- c:\windows\system32\icardres.dll
2009-08-18 01:57 . 2009-08-18 01:57 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-18 01:57 . 2009-08-18 01:57 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-08-18 01:57 . 2009-08-18 01:57 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-08-18 01:57 . 2009-08-18 01:57 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-08-18 01:45 . 2009-08-18 01:45 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-08-18 01:45 . 2009-08-18 01:45 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-08-18 01:45 . 2009-08-18 01:45 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-08-18 01:45 . 2009-08-18 01:45 83968 ----a-w- c:\windows\system32\mscories.dll
2009-08-18 01:45 . 2009-08-18 01:45 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-08-17 04:43 . 2007-05-17 01:36 -------- d-----w- c:\program files\Starcraft
2009-08-16 18:45 . 2009-08-16 18:45 -------- d-----w- c:\program files\Western Digital Corporation
2009-08-15 08:33 . 2009-08-15 08:20 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-08-11 21:42 . 2009-08-11 21:42 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-08-11 17:07 . 2009-08-11 17:07 -------- d-----w- c:\program files\WinUndelete
.

((((((((((((((((((((((((((((( SnapShot@2009-10-04_12.13.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-09 14:44 . 2009-10-04 12:29 31782 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-04 12:29 69458 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-04-28 07:10 . 2009-10-04 12:29 10604 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4058141398-2658812619-3498018259-1000_UserData.bin
+ 2007-04-28 07:17 . 2009-10-04 21:53 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-04-28 07:17 . 2009-10-04 00:29 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-04-28 07:17 . 2009-10-04 00:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-28 07:17 . 2009-10-04 21:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-28 07:17 . 2009-10-04 00:29 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-04-28 07:17 . 2009-10-04 21:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-04-29 01:24 . 2009-09-07 08:51 2682 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2007-04-29 01:24 . 2009-10-04 13:39 2682 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-10-04 16:45 . 2009-10-04 16:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-04 16:45 . 2009-10-04 16:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-04 16:52 444202 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-04 16:52 1602894 c:\windows\System32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-10 90192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-10 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-10 81920]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=c:\windows\pss\GetRight - Tray Icon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^God^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Heroes of Might & Magic 5.LNK]
path=c:\users\God\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNK.Startup
backupExtension=.Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{26196EA3-C3A5-4E52-8639-378CCD48E919}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8ED9198E-88E9-4FC6-A175-5D370491351E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3E40D532-807E-4817-82AF-9663E6904A7B}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{DE06A27E-4C43-4096-BC87-2F3F35BE3663}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{517C1DF7-3350-4623-BDD0-A089F7280BB8}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{B6907B4A-B2F2-4B9A-8E9F-86A900A77496}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{BAACC9BF-2F2D-4B3F-BD97-7943549C16EF}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{C0732967-EBA3-4692-9101-6441CE90F3EC}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{92D16FFE-3827-4167-A697-96922BC60EFA}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{A974D757-AF29-4889-A452-DA741D2938B3}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0BE2B827-0842-432D-A6B5-19989399CDF8}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{24EE35E3-1883-439B-A1BF-E16011E8ACEB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8538C621-E095-4FA6-8750-47507F1012E7}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7F377FE4-F98D-42AC-B5D8-EEE41A80F757}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{71EB98AF-4B7D-4682-B743-4E55C7565689}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{8D16B031-CCC0-4ACA-BDAB-9E67DE736150}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{8F774461-2148-432A-AD4C-1C4960DBD8C7}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"TCP Query User{9C8EB56E-238A-47FD-B6ED-4E6F55D55E88}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{62C0404B-B635-488E-9407-E97E8FCB53FB}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{2980634D-BBB1-4C0C-8327-C55CA39F4A01}"= c:\program files\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"TCP Query User{8D09BB90-2412-41A9-A7CD-E4B774D11A03}c:\\users\\god\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\god\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{64FBB2A3-E4B4-4DEE-AF5C-D5A6E81C8A1F}c:\\users\\god\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\god\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{B355E7D4-36F8-4A85-87F8-E60C5286D796}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= UDP:c:\program files\electronic arts\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{DFD3318C-4A61-413E-8584-5240FFE199FA}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= TCP:c:\program files\electronic arts\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{9BED35EE-C58A-4F9D-B77C-28F1EE38E555}c:\\westwood\\dune2000\\dune2000.dat"= UDP:c:\westwood\dune2000\dune2000.datune2000
"UDP Query User{4C415A29-DAF5-4ACE-9C70-9E466A64313E}c:\\westwood\\dune2000\\dune2000.dat"= TCP:c:\westwood\dune2000\dune2000.datune2000
"TCP Query User{79F6DAC0-A615-4B77-A58B-A81EBE7EAD52}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{FE2A8E6D-57E7-49D0-8764-533B5739FE92}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{5A5FF2C5-2AF8-4EA3-961D-C59D281B0A81}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{75DEDAE8-304F-439E-9B40-BB795FC0DA5F}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{ED462B4F-72A5-418F-A095-4CD413950288}"= UDP:6112:B.net
"{F182C4DC-0749-4E00-8BCB-B03B0375D48B}"= UDP:6113:B.net
"{ED638FC2-26F9-415F-A771-208E013E4BEB}"= UDP:6114:B.net
"{06776857-3006-4012-948C-9DF739117DF0}"= UDP:6115:B.net
"{080171F4-F98B-4B34-9774-7F6259FED636}"= UDP:6116:B.net
"{0EAA7923-29EA-4CBB-9134-790BC026009B}"= UDP:6117:B.net
"{977AA017-F67D-4690-BB09-01BBEC10A0AE}"= UDP:6118:B.net
"{2699B3E2-0E72-4841-B546-B621ED6CFD58}"= UDP:6119:B.net
"{8E59963D-D832-4626-BDCD-D4CDCF717DBF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{E2E03474-BDDE-420C-BDB4-36AA1E7E7A6D}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{50EC4FC5-181A-46DD-879A-34BD2D3D63E7}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9C1C0D33-9796-40F6-AA10-4DD82412A33D}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{21F02CC3-8343-4144-89B2-48DDB47055E0}"= UDP:c:\program files\EA Games\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{28B26B33-D918-4803-BECF-6E03C171BD4F}"= TCP:c:\program files\EA Games\The Battle for Middle-earth (tm)\game.dat:The Battle for Middle-earth (tm)
"{B7B47648-2FFB-4B3F-A133-12BF51510F30}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{BF1F0559-A45F-47C8-AC45-13A40415B40C}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"TCP Query User{92E69FF4-225C-46AB-ACF0-3AD19046FD89}c:\\program files\\ea games\\the battle for middle-earth (tm)\\patchget.dat"= UDP:c:\program files\ea games\the battle for middle-earth (tm)\patchget.datatchgrabber
"UDP Query User{EA65CE03-2EC0-4144-A462-16CE734037C2}c:\\program files\\ea games\\the battle for middle-earth (tm)\\patchget.dat"= TCP:c:\program files\ea games\the battle for middle-earth (tm)\patchget.datatchgrabber
"TCP Query User{9D40094E-5988-4AA4-91AD-B392D5E96CD6}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{7C0300AD-6FDC-41C2-A3F9-FC9A089CCD88}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"TCP Query User{B4C7D793-5666-49DA-8C97-26FCEC48A2D1}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{9D94ECDC-EA9B-4290-B246-45B5BC2E667F}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{34F3FBFC-A008-4310-A27E-B15439F5B33D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{48C4016F-CCCA-4579-9402-B6F5363AB0B8}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{673D4604-243B-4C43-B44F-A1E9A2A2E59B}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{FF65BDD6-4BF6-4FC0-A1FD-93C32D408410}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{512EAE54-D761-48C3-8CD2-D71441C1599F}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{7EAE77F3-055A-410D-B847-94F5AA1C7C36}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{6CC96A6D-EFEC-47C9-B9C1-E4E07EFC49BD}"= UDP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{434C1B63-FD30-43F1-A356-8E6AB88E4D75}"= TCP:c:\program files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{0DF9CFF0-164B-4A48-BD93-2E6D0BEF0990}"= Disabled:UDP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{66FA5505-E381-41ED-AC85-1EFA5134516B}"= Disabled:TCP:c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{B3DBDE79-CBDA-4207-B144-4B706091584C}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= UDP:c:\program files\electronic arts\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{C8E858EF-3A3E-47B7-B391-F76942F06436}c:\\program files\\electronic arts\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= TCP:c:\program files\electronic arts\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{947C9B61-CDF0-48D5-850B-290D28469D8E}c:\\users\\god\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\god\appdata\local\temp\electronicarts_patcher_000.exe:Command and Conquer 3 Tiberium Wars™ Launcher
"UDP Query User{F2AF3FB1-846A-48FC-8C70-A27DB3605BA0}c:\\users\\god\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\god\appdata\local\temp\electronicarts_patcher_000.exe:Command and Conquer 3 Tiberium Wars™ Launcher
"{E8CF3913-9046-440B-84DF-42314CC18153}"= TCP:6112:BNET
"TCP Query User{8B8C899B-B1DD-4B3F-BABB-E9B3C1A9F14B}c:\\program files\\njstar communicator\\minismtp.exe"= UDP:c:\program files\njstar communicator\minismtp.exe:NJStar Mini SMTP Server
"UDP Query User{7B73ED02-C529-42EB-ACAB-54BB2E0AAE64}c:\\program files\\njstar communicator\\minismtp.exe"= TCP:c:\program files\njstar communicator\minismtp.exe:NJStar Mini SMTP Server
"{C85D37A4-F163-425F-BC6C-8D72A4AA6302}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{53326890-DDFD-4C3B-83E6-7F322C97EC6C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3A7FA16F-BB5F-4830-87C4-3C9873684389}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{18AD9FB3-1476-4428-8FA7-2484B4428977}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FDE982CC-3FF6-4217-A607-6C0AC6711901}c:\\program files\\ea games\\red alert 3 beta\\retailexe\\1.2\\ra3game.dat"= UDP:c:\program files\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat:Command and Conquer Red Alert 3™
"UDP Query User{76D857FD-DEDE-4451-8C05-B21E5EE5A206}c:\\program files\\ea games\\red alert 3 beta\\retailexe\\1.2\\ra3game.dat"= TCP:c:\program files\ea games\red alert 3 beta\retailexe\1.2\ra3game.dat:Command and Conquer Red Alert 3™
"{DFD69AE9-8EC7-496F-BA97-9B508AB01BE8}"= c:\program files\Electronic Arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer(tm) 3: Kane's Wrath
"TCP Query User{E9B84F8C-F03A-4531-9511-9EAEAF5F3BEA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0BB8F4DA-1AF5-46F7-B262-C147FB85CCFF}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BF584BCB-3844-4D11-BD70-033FF72C0B83}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{D76375EF-7C03-43D6-8244-D258323B8535}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:Blizzard Downloader
"{B3B70193-33E8-4678-BD30-4DA162DFCC6E}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{E1ABFCCE-8E52-4E4E-B2C7-95F8F101E16E}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.3.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.3.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{E877B667-D13D-4914-AFAB-D84C4DB0A9E1}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.3.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.3.game:Command & Conquer™ Red Alert™ 3
"TCP Query User{23F824E7-C03A-4F5E-BEBC-B5468C0F77EE}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{2DDB33C0-6E46-41BB-9092-957A7F7495DB}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{EC50BF5D-9B86-4CDB-A927-91021458DC8C}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{6D376A83-783A-4015-B844-B95544A7FA2B}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{E8B56CA2-3095-48AE-BBE6-58CE5878FE41}"= UDP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{DBB01B00-17C5-4ADA-873C-38BF70128375}"= TCP:c:\users\Public\Games\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{C3D0CA3A-B4E1-4507-ADFA-73A767520D13}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{7550AD99-DF57-4C40-8084-8AF683D06AFD}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{52DC1ECA-1454-4C8B-A2AB-2E3BE589196A}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{96C70FE3-2A7B-4637-A4B7-9CC883CBB872}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{68926876-C642-4F89-9B29-20EA7C23B817}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{CA37B39A-32DE-41A3-A646-EB69D6F69D61}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{C0572B0B-D866-47D7-8406-265DE452095C}"= UDP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{A1C2F8DE-E250-4656-B932-0D556E0C5881}"= TCP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"TCP Query User{647301F6-B2B7-4926-B3E2-4E52FB285E0D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{11267CD2-4495-43B4-AE53-6BCA294A6EE6}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{377E4EE4-42F7-4A9D-97B6-0E3BBDB44DD9}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{08F6C6E2-281B-4FDC-9B80-A0570FC4A320}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:Blizzard Downloader
"{84AF128E-CC39-453F-B5D8-D0875F19BA3C}"= UDP:c:\program files\RayV\RayV\RayV.exe:RayV
"{8505BF10-5FA0-4EE1-AD75-3A7EB94F5C19}"= TCP:c:\program files\RayV\RayV\RayV.exe:RayV
"{2350FC20-8D2F-4C32-AA9C-90599F71D985}"= UDP:c:\program files\RayV\RayV\RayV.dll:RayV
"{BE75D9DF-653F-4BB0-BE00-BF841290C1CD}"= TCP:c:\program files\RayV\RayV\RayV.dll:RayV
"{A42FE5EE-A73B-4678-A948-717F22080F8D}"= UDP:c:\program files\RayV\RayV\RayV.exe:RayV
"{3EB6883C-BF3D-42E8-B9C4-CEDA44747A01}"= TCP:c:\program files\RayV\RayV\RayV.exe:RayV
"{7EA00B2A-7CB5-4188-A704-4D757958598C}"= UDP:c:\program files\RayV\RayV\RayV.dll:RayV
"{B83C1EFD-AFD2-4777-8003-3BE2D3BB60AB}"= TCP:c:\program files\RayV\RayV\RayV.dll:RayV
"{25C44D16-E180-4D82-B04E-90C76CDB572C}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:Blizzard Downloader
"{0F2BBE2C-4977-4A97-AF10-DEAF7F0612FE}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

R3 dhdusb.NTx86;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\DRIVERS\bcmusbdhdlh.sys [2007-09-20 241656]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 202872]
R3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-12-15 570880]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-09-04 7408]
R3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\Drivers\xbreader.sys [2001-01-03 19677]
R4 gupdate1c990d4364974e0;Google Update Service (gupdate1c990d4364974e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2007-03-30 38448]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-09-04 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-04 74480]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-01-15 354432]

.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
TCP: {02E6CBA4-8781-47F5-A589-BF56C1769B39} = 205.171.3.65,205.171.2.65
TCP: {4829F261-888A-41AF-B8E6-A3CE273A9ECE} = 205.171.3.65,205.171.2.65
TCP: {661F7C4B-287E-424C-A54C-D9FD73AE460E} = 205.171.3.65,205.171.2.65
FF - ProfilePath - c:\users\God\AppData\Roaming\Mozilla\Firefox\Profiles\sc4c04ev.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\RayV\RayV\plugins\nprayvplugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 17:07
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4058141398-2658812619-3498018259-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:5f,29,67,a9,75,a2,b3,77,65,ad,bf,61,e6,a0,bd,15,62,bc,a2,80,e9,ee,13,
e5,7d,8c,f3,cb,a6,42,a2,b9,36,3e,59,cf,4e,22,b5,70,4e,8e,e7,36,4a,06,21,1d,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-4058141398-2658812619-3498018259-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:2a,13,5d,6e,ce,57,de,f2,ab,e8,5e,65,61,84,e9,be,f4,ce,de,04,4d,
b5,e4,74,c3,96,33,cd,0b,7d,3e,da,9b,3f,ab,aa,7e,55,a6,b8,27,ab,4f,97,c6,88,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-05 17:12
ComboFix-quarantined-files.txt 2009-10-05 00:11
ComboFix2.txt 2009-10-04 12:17

Pre-Run: 26,766,209,024 bytes free
Post-Run: 27,883,425,792 bytes free

409 --- E O F --- 2008-02-23 11:06



Here is the Kaspersky scan log -



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, October 5, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 05, 2009 09:53:53
Records in database: 2915545
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
R:\

Scan statistics:
Objects scanned: 277820
Threats found: 3
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 05:30:27


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\wtfrxqfqwajwrlev.sys.vir Infected: Packed.Win32.Tdss.c 1
C:\Qoobox\Quarantine\[4]-Submit_2009-10-04_17.00.27.zip Infected: Packed.Win32.Tdss.c 1
C:\Users\God\Desktop\Appl Inst\Alcohol120_1.9.6.5403.rar Infected: Trojan-Downloader.Win32.Agent.brf 1
C:\Users\God\Documents\download\xvsiriusvx\FruityLoops3\Plugins\Fruity\Generators\Fruity DX10\Fruity DX10.dll Infected: Trojan-PSW.Win32.Delf.dnd 1
C:\Users\God\Documents\download\xvsiriusvx\Fruityloops3.5\Fruity DX 10 for FruityLoops.exe Infected: Trojan-PSW.Win32.Delf.dnd 1
C:\Users\God\Documents\download\xvsiriusvx\Fruityloops3.5\Plugins\Fruity\Generators\Fruity DX10\Fruity DX10.dll Infected: Trojan-PSW.Win32.Delf.dnd 1

Selected area has been scanned.



And here is the DDS scan -

DDS (Ver_09-07-30.01) - NTFSx86
Run by God at 2:16:01.34 on Tue 10/06/2009
Internet Explorer: 7.0.6000.16609 BrowserJavaVersion: 1.6.0_16

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = hxxp://www.google.com
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download with GetRight - c:\program files\getright\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files\getright\GRbrowse.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {02E6CBA4-8781-47F5-A589-BF56C1769B39} = 205.171.3.65,205.171.2.65
TCP: {4829F261-888A-41AF-B8E6-A3CE273A9ECE} = 205.171.3.65,205.171.2.65
TCP: {661F7C4B-287E-424C-A54C-D9FD73AE460E} = 205.171.3.65,205.171.2.65
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\god\appdata\roaming\mozilla\firefox\profiles\sc4c04ev.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\rayv\rayv\plugins\nprayvplugin.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-04 18:04 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-04 17:50 <DIR> --d----- c:\programdata\Adobe
2009-10-04 17:12 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-10-04 17:00 1,225 a------- C:\CF-Submit.htm
2009-10-04 04:57 229,888 a------- c:\windows\PEV.exe
2009-10-04 04:57 161,792 a------- c:\windows\SWREG.exe
2009-10-04 04:57 98,816 a------- c:\windows\sed.exe
2009-10-03 01:54 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 11:02 2,004 a------- c:\windows\IMM02D.ini
2009-09-29 11:01 2,004 a------- c:\windows\IMM02C.ini
2009-09-29 10:57 2,004 a------- c:\windows\IMM02B.ini
2009-09-29 10:55 2,004 a------- c:\windows\IMM02A.ini
2009-09-29 10:47 332 a------- c:\windows\YAN2.INI
2009-09-25 21:20 <DIR> --d----- c:\program files\Warcraft III Non-Patched
2009-09-17 16:10 <DIR> --d----- C:\found.001
2009-09-17 11:32 <DIR> --d----- c:\program files\Trend Micro
2009-09-17 11:11 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-09-17 11:11 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-09-17 11:11 <DIR> --d----- c:\users\god\appdata\roaming\SUPERAntiSpyware.com
2009-09-17 11:11 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-16 15:28 <DIR> --d----- C:\Autoruns
2009-09-16 14:02 <DIR> --d----- c:\users\god\Tracing
2009-09-16 14:01 <DIR> --d----- c:\program files\Microsoft
2009-09-16 14:01 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-09-16 13:59 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-09-25 21:23 95,967 a------- c:\windows\War3Unin.dat
2009-09-25 21:23 2,829 a------- c:\windows\War3Unin.pif
2009-09-25 21:23 126,976 a------- c:\windows\War3Unin.exe
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-01 23:54 86,016 a------- c:\windows\inf\infstor.dat
2009-09-01 23:54 51,200 a------- c:\windows\inf\infpub.dat
2009-09-01 23:54 86,016 a------- c:\windows\inf\infstrng.dat
2009-08-17 18:57 622,080 a------- c:\windows\system32\icardagt.exe
2009-08-17 18:57 97,800 a------- c:\windows\system32\infocardapi.dll
2009-08-17 18:57 11,264 a------- c:\windows\system32\icardres.dll
2009-08-17 18:57 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-08-17 18:57 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-08-17 18:57 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-08-17 18:57 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-08-17 18:45 96,760 a------- c:\windows\system32\dfshim.dll
2009-08-17 18:45 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-17 18:45 282,112 a------- c:\windows\system32\mscoree.dll
2009-08-17 18:45 158,720 a------- c:\windows\system32\mscorier.dll
2009-08-17 18:45 83,968 a------- c:\windows\system32\mscories.dll
2008-11-11 18:46 12,963 a------- c:\programdata\ytataziw.dat
2008-11-11 18:46 12,963 a------- c:\progra~2\ytataziw.dat
2008-04-06 18:45 4,148 a------- c:\users\god\appdata\roaming\wklnhst.dat
2008-02-23 16:41 665,600 a------- c:\windows\inf\drvindex.dat
2007-08-30 00:30 174 a--sh--- c:\program files\desktop.ini

============= FINISH: 2:16:18.00 ===============

 

[Blade81]

Hi,

Upload C:\Qoobox\Quarantine\[4]-Submit_2009-10-04_17.00.27.zip file here. Kindly include a link to this topic.

Let me know when you've submitted the file.

 

[XvSiriusvX]

It is done.