Forum: Resolved HJT Threads (resolved spyware and popup issues)

 
 
#1  12-02-2008, 05:31 AM  facial26 (Registered User, OS: Vista Home Premium)

Another Redirect

All my searches go through copy book? Thought I might as well try this out!
Thanks for any help in advance
Sam


Well, I ran GMER and I get "this program stopped working" halfway through?

#2  12-03-2008, 08:56 AM  facial26 (Registered User, OS: Vista Home Premium)

Re: Another Redirect

I just tried some virus scans as well, and now they all crash before completion?
#3  12-06-2008, 03:39 AM  sUBs (Security Team: Asst Manager Security, Expert Analyst, Moderator; Rangemaster, Moderator, TSF Academy)

Re: Another Redirect

We can't help you when you don't post the logs we request.


Please follow the instructions from this webpage (sticky):

http://www.techsupportforum.com/secu...oval-help.html

You shall have a proper set of logs for us after that.
#4  12-06-2008, 07:53 AM  facial26 (Registered User, OS: Vista Home Premium)

Re: Another Redirect

I still can't get GMER to run all the way through. Here is the DDS log.


DDS (Version 1.0) - NTFSx86
Run by Sam Harris at 14:44:36.14 on 06/12/2008
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.3071.989 [GMT 0:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Bonjour\mDNSResponder.exe
c:\hp\HPEZBTN\HPBtnSrv.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehRecvr.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\iTunes\iTunes.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Sam Harris\Downloads\dds(3).com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [Windows*Updates] c:\windows\system\Update.exe
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [<NO NAME>]
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [Windows*Updates] c:\windows\system\Update.exe
mRun: [9F.tmp] c:\windows\temp\9F.tmp
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bizche~1.lnk - c:\program files\samsung\samsung biz reader\BizChecker.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-gb\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
TCP: {A1C5FADE-65A5-4C2F-9024-8E545C5B9CD9} = 85.255.112.126;85.255.112.131
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-26 28544]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20080926.005\IDSvix86.sys [2008-9-29 270384]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2008-4-14 198240]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-11-6 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-14 99376]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-4-14 1176064]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-4-14 464384]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\SYMNDISV.SYS [2008-6-13 41008]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-12-3 51280]
S2 Windows Tribute Service;Windows Tribute Service;c:\windows\system32\kdyqh.exe -srv []
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 LGDDCDevice;LGDDCDevice;\??\c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2008-7-30 14336]
S3 LGII2CDevice;LGII2CDevice;\??\c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2008-7-30 13312]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-20 29192]

=============== Created Last 30 ================

2008-12-03 12:13 51,280 a------- c:\windows\system32\drivers\aswMonFlt.sys
2008-12-03 12:08 <DIR> --d----- c:\program files\Sophos
2008-12-02 01:09 250 a------- c:\windows\gmer.ini
2008-12-02 00:32 <DIR> --d----- c:\program files\iPod
2008-12-02 00:32 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 00:32 <DIR> --d----- c:\program files\iTunes
2008-12-02 00:32 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 21:17 <DIR> --d----- c:\programdata\WEBREG
2008-12-01 21:17 <DIR> --d----- c:\progra~2\WEBREG
2008-12-01 21:04 <DIR> --d----- c:\programdata\HPSSUPPLY
2008-12-01 19:27 127,930 a------- c:\windows\hppins22.dat
2008-12-01 19:26 258,048 a------- c:\windows\system32\hpzids01.dll
2008-12-01 19:26 1,504 a------- c:\windows\hppmdl22.dat
2008-11-28 17:25 1,228,579 a------- c:\windows\LightWave 3D 9 Uninstaller.exe
2008-11-28 17:25 <DIR> --d----- c:\program files\NewTek
2008-11-26 16:57 <DIR> --d----- c:\users\samhar~1\appdata\roaming\PeerNetworking
2008-11-26 13:22 16,952 -------- c:\windows\system32\drivers\RkPavproc1.sys
2008-11-26 13:20 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2008-11-26 13:19 <DIR> --d----- c:\program files\Panda Security
2008-11-21 16:31 356,352 a------- c:\windows\system32\RealMediaSplitter.ax
2008-11-21 16:31 <DIR> --d----- c:\program files\Free iPod Video Converter
2008-11-20 14:22 <DIR> --d----- c:\users\samhar~1\appdata\roaming\Red Alert 3
2008-11-20 13:22 29,192 a------- c:\windows\system32\drivers\ndisprot.sys
2008-11-20 13:22 <DIR> --dshr-- C:\resycled
2008-11-20 13:22 103 ---shr-- C:\autorun.inf
2008-11-20 13:22 <DIR> --d----- c:\program files\homeview
2008-11-16 14:14 <DIR> --d----- c:\users\samhar~1\appdata\roaming\Sports Interactive
2008-11-16 14:14 <DIR> --d----- c:\programdata\Sports Interactive
2008-11-16 14:14 <DIR> --d----- c:\progra~2\Sports Interactive
2008-11-16 14:11 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2008-11-16 14:07 <DIR> --d-h--- c:\program files\Zero G Registry
2008-11-16 14:07 <DIR> --d----- c:\program files\Sports Interactive
2008-11-16 13:55 <DIR> --d-h--- c:\users\sam harris\InstallAnywhere
2008-11-15 14:29 19,588,096 a------- c:\windows\system32\imageres.dll
2008-11-15 14:28 <DIR> --d----- c:\programdata\Stardock
2008-11-15 14:28 <DIR> --d----- c:\progra~2\Stardock
2008-11-15 14:28 567,040 a------- c:\windows\system32\wbocx.ocx
2008-11-15 14:28 56,496 a------- c:\windows\system32\wbhelp2.dll
2008-11-15 14:28 <DIR> --d----- c:\program files\Stardock
2008-11-14 19:21 118,832 a------- c:\windows\system32\SHW32.DLL
2008-11-14 19:21 327,680 a------- c:\windows\system32\vp6dec.ax
2008-11-14 19:09 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2008-11-14 14:32 <DIR> --d----- c:\programdata\Codemasters
2008-11-14 14:32 <DIR> --d----- c:\progra~2\Codemasters
2008-11-14 14:32 444,952 a------- c:\windows\system32\wrap_oal.dll
2008-11-14 14:32 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-11-14 14:32 <DIR> --d----- c:\program files\OpenAL
2008-11-14 14:32 805,400 a----r-- c:\windows\system32\tmpF598.tmp
2008-11-14 14:32 805,400 a----r-- c:\windows\system32\tmpF402.tmp
2008-11-14 14:30 <DIR> --d-h--- c:\windows\msdownld.tmp
2008-11-14 14:28 <DIR> --d----- c:\windows\system32\directx
2008-11-14 02:54 <DIR> --d----- C:\logs3
2008-11-14 02:54 <DIR> --d----- c:\windows\Downloaded Installations

==================== Find3M ====================

2008-12-01 20:42 143,360 a------- c:\windows\inf\infstrng.dat
2008-12-01 20:42 51,200 a------- c:\windows\inf\infpub.dat
2008-12-01 20:42 86,016 a------- c:\windows\inf\infstor.dat
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-20 14:41 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-10-10 04:52 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-10-10 04:52 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-08-02 03:00 174 a--sh--- c:\program files\desktop.ini
2008-08-02 02:57 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-14 20:08 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:47:18.36 ===============
Attached file: Attach.txt (9.7 KB)
#5  12-06-2008, 08:23 AM  sUBs (Security Team: Asst Manager Security, Expert Analyst, Moderator; Rangemaster, Moderator, TSF Academy)

Re: Another Redirect

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Download & save ComboFix to your Desktop but don't run it yet
Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
Collect::
c:\Windows\system\Update.exe
c:\Windows\temp\9F.tmp
Save this as "CFScript"





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt.

#6  12-07-2008, 09:38 AM  facial26 (Registered User, OS: Vista Home Premium)

Re: Another Redirect

This is the ComboFix log.


ComboFix 08-12-06.06 - Sam Harris 2008-12-07 16:24:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1621 [GMT 0:00]
Running from: c:\users\Sam Harris\Desktop\ComboFix.exe
Command switches used :: c:\users\Sam Harris\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 16:26 --------- d-----w c:\programdata\Kontiki
2008-12-03 12:13 --------- d-----w c:\program files\Alwil Software
2008-12-03 12:08 --------- d-----w c:\program files\Sophos
2008-12-02 12:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 12:28 --------- d-----w c:\program files\Activision
2008-12-02 00:49 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Apple Computer
2008-12-02 00:32 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 00:32 --------- d-----w c:\program files\iTunes
2008-12-02 00:32 --------- d-----w c:\program files\iPod
2008-12-02 00:32 --------- d-----w c:\program files\Common Files\Apple
2008-12-02 00:30 --------- d-----w c:\program files\QuickTime
2008-12-02 00:19 --------- d-----w c:\program files\Safari
2008-12-01 22:19 --------- d-----w c:\users\Sam Harris\AppData\Roaming\HP
2008-12-01 21:17 --------- d-----w c:\programdata\WEBREG
2008-12-01 21:16 --------- d-----w c:\programdata\HP
2008-12-01 21:04 --------- d-----w c:\programdata\HPSSUPPLY
2008-12-01 21:04 --------- d-----w c:\program files\HP
2008-12-01 21:02 --------- d-----w c:\program files\Common Files\HP
2008-11-28 17:46 --------- d-----w c:\users\Sam Harris\AppData\Roaming\uTorrent
2008-11-28 17:25 1,228,579 ----a-w c:\windows\LightWave 3D 9 Uninstaller.exe
2008-11-28 17:25 --------- d-----w c:\program files\NewTek
2008-11-26 16:57 --------- d-----w c:\users\Sam Harris\AppData\Roaming\PeerNetworking
2008-11-26 13:19 --------- d-----w c:\program files\Panda Security
2008-11-21 16:31 --------- d-----w c:\program files\Free iPod Video Converter
2008-11-21 02:18 --------- d-----w c:\program files\Wisdom-soft
2008-11-20 14:41 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Red Alert 3
2008-11-20 13:49 --------- d-----w c:\program files\Electronic Arts
2008-11-20 13:22 29,192 ----a-w c:\windows\system32\drivers\ndisprot.sys
2008-11-20 13:22 --------- d-----w c:\program files\homeview
2008-11-19 16:06 --------- d-----w c:\programdata\Microsoft Help
2008-11-18 15:13 --------- d-----w c:\program files\InterCasino £££
2008-11-16 14:15 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Sports Interactive
2008-11-16 14:14 --------- d-----w c:\programdata\Sports Interactive
2008-11-16 14:09 --------- d--h--w c:\program files\Zero G Registry
2008-11-16 14:07 --------- d-----w c:\program files\Sports Interactive
2008-11-15 14:29 19,588,096 ----a-w c:\windows\System32\imageres.dll
2008-11-15 14:28 --------- d-----w c:\programdata\Stardock
2008-11-15 14:28 --------- d-----w c:\program files\Stardock
2008-11-14 19:13 --------- d-----w c:\program files\EA SPORTS
2008-11-14 14:32 444,952 ----a-w c:\windows\System32\wrap_oal.dll
2008-11-14 14:32 109,080 ----a-w c:\windows\System32\OpenAL32.dll
2008-11-14 14:32 --------- d-----w c:\programdata\Codemasters
2008-11-14 14:32 --------- d-----w c:\program files\OpenAL
2008-11-14 02:54 --------- d-----w c:\program files\Kontiki
2008-11-13 21:54 --------- d--h--r c:\users\Sam Harris\AppData\Roaming\SecuROM
2008-11-07 00:42 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-27 10:04 70,992 ----a-w c:\windows\System32\XAPOFX1_2.dll
2008-10-27 10:04 514,384 ----a-w c:\windows\System32\XAudio2_3.dll
2008-10-27 10:04 235,856 ----a-w c:\windows\System32\xactengine3_3.dll
2008-10-27 10:04 23,376 ----a-w c:\windows\System32\X3DAudio1_5.dll
2008-10-24 00:33 --------- d-----w c:\program files\TryMedia
2008-10-24 00:19 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Activision
2008-10-24 00:19 --------- d-----w c:\programdata\Activision
2008-10-24 00:15 --------- d-----w c:\program files\Team17
2008-10-21 14:24 --------- d-----w c:\program files\Sun
2008-10-21 14:09 --------- d-----w c:\program files\Java
2008-10-20 16:46 --------- d-----w c:\program files\Samsung
2008-10-20 16:44 --------- d-----w c:\users\Sam Harris\AppData\Roaming\InstallShield
2008-10-20 14:41 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-20 14:25 --------- d-----w c:\programdata\KONAMI
2008-10-20 14:17 --------- d-----w c:\program files\KONAMI
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll
2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2008-10-16 14:08 162,064 ----a-w c:\windows\System32\wuwebv.dll
2008-10-16 13:56 31,232 ----a-w c:\windows\System32\wuapp.exe
2008-10-15 20:52 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Skype
2008-10-15 20:34 --------- d-----w c:\users\Sam Harris\AppData\Roaming\skypePM
2008-10-14 20:48 --------- d-----w c:\users\Sam Harris\AppData\Roaming\Blender Foundation
2008-10-14 20:48 --------- d-----w c:\program files\Blender Foundation
2008-10-10 04:52 452,440 ----a-w c:\windows\System32\d3dx10_40.dll
2008-10-10 04:52 4,379,984 ----a-w c:\windows\System32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 ----a-w c:\windows\System32\D3DCompiler_40.dll
2008-10-08 22:53 --------- d-----w c:\programdata\Office Genuine Advantage
2008-10-08 19:51 --------- d-----w c:\program files\Microsoft.NET
2008-10-08 19:48 --------- d-----w c:\users\Sam Harris\AppData\Roaming\GetRightToGo
2008-08-02 03:00 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-12-07_16.06.42.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-07 16:24:07 6,262,784 ----a-w c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2008-12-07 16:02:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 16:02:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-07 16:02:21 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 16:27:02 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 16:27:02 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-07-18 21:08:20 72,256 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2008-10-16 14:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
- 2008-12-07 16:02:54 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-07 16:24:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-07 16:02:54 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 16:24:15 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-07 16:02:54 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-07 16:24:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-03 18:32:55 108,122 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-07 1651 108,122 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-03 18:32:55 622,906 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-07 1651 622,906 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-01 20:47:07 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-12-07 16:23:25 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-12-01 21:16:00 70,126 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 16:04:48 70,730 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-01 20:47:22 141,243,717 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-12-07 16:22:16 141,536,421 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-16 21:12:19 561,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wuapi.dll
+ 2008-10-16 20:55:59 83,456 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wudriver.dll
+ 2008-10-16 21:08:57 34,328 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.2.6001.788_none_107673f57a433d77\wups.dll
+ 2008-10-16 13:56:04 31,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuapp.exe
+ 2008-10-16 14:08:00 162,064 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.2.6001.788_none_ba8134361ffa6f73\wuwebv.dll
+ 2008-10-16 21:09:43 51,224 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuauclt.exe
+ 2008-10-16 21:13:38 1,809,944 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wuaueng.dll
+ 2008-10-16 21:09:43 43,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.2.6001.788_none_2a6539a96682e474\wups2.dll
+ 2008-10-16 20:56:28 1,524,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.2.6001.788_none_a8125d5406872725\wucltux.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-14 1232896]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-01-19 942080]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8473120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-06-10 54672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"4oD"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 c:\windows\RtHDVCpl.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BizChecker.lnk - c:\program files\Samsung\Samsung Biz Reader\BizChecker.exe [2008-10-20 32768]
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-07-30 1064960]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1795595B-3BEB-430F-9C75-C6602604CEF0}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{8B7F9270-BB7F-4ACF-81CA-8F3DA65D3467}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{6E95B784-6D67-40DA-8EE1-F85703677238}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{DE098A60-B9E2-4D44-B81E-04DDD179FB84}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B060D85D-3191-4F3C-8C55-C5135680BF84}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1C87D4BA-371B-489E-83DA-061FE9A3BA0C}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{281340B1-5E0B-4D0A-AE8A-FCC6D8D3F577}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F0209C38-50E0-4CFF-AD5A-9D3319A2401C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3023391C-D3D3-46E4-BCDA-4D94DE537013}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{489C6517-B152-4A7F-890A-9E6E46BC3704}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B4C54CAD-1D0D-49E3-B923-56455DAE9A07}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{D8CE6956-6B00-46D8-83CD-97B5D51EA151}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{B291CA01-BF58-4894-A51D-B050E6651FF0}"= UDP:64130:UT
"{678E56FB-69C0-4552-A7E4-3831C05796D6}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{352E111F-30F1-4502-808B-7976281DAA86}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3D1D24BB-B0C7-4696-B02E-C48C717EBA4B}"= UDP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{7A9B53EB-4642-44B9-9D02-2E289F6C32BA}"= TCP:c:\program files\TVersity\Media Server\MediaServer.exe:TVersity Media Server
"{73F81B5B-E118-4583-87CE-AB5963EAD65E}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{8EB35804-AAE3-4944-8869-EAA13B375EDF}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{ADB49839-6977-4194-B635-BF4811D585E7}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{F1630344-458B-4149-9A83-70EA292CA76F}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{89C2C653-7112-4D9A-BA40-445D8D263A4B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CD89DD03-3027-497D-B292-74A2FA74826D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{620399A6-7F47-4F81-AA04-0B75A1AFB64F}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{317EFCBB-A3C3-49C1-87DB-925E1E0C627B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EE13EE6C-846C-480F-AD9C-7CF8E869B072}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E5A3E577-DD5C-4B3F-93DA-9863B5B6CC18}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{722F15C3-F22D-4491-8A90-D5FC792AE98B}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{B2ED0B58-E361-4BC1-A985-6CA288757C66}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{40D2C4D0-80A2-4ED8-B08E-1AB6690701F6}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DFBC21F2-2E0B-4C7F-B090-3AE70ACCE1C2}"= UDP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{877B6F74-C22B-4880-8585-8A06B1427921}"= TCP:c:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009
"{D5598EF3-673A-4A37-9E97-5842928925A3}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{DA384D9E-8FA5-4390-AD90-DAFD007F5FDB}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{05778F7C-6F7A-42D9-8C99-BC01AB8DB62D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{13484D03-728C-4AE4-A9CD-B49AB985406B}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-11-26 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-03 78416]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080926.005\IDSvix86.sys [2008-09-29 270384]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-03 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-12-03 51280]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2008-04-14 198240]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-11-06 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-14 99376]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2008-04-14 1176064]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2008-04-14 464384]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 LGDDCDevice;LGDDCDevice;\??\c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2008-07-30 14336]
S3 LGII2CDevice;LGII2CDevice;\??\c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2008-07-30 13312]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-20 29192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b8caeb-411e-11dd-a100-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75a322c7-92d6-11dd-bc12-f913e9b18959}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - f:\resycled\boot.com f:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75a322cd-92d6-11dd-bc12-f913e9b18959}]
\shell\AutoRun\command - wd_windows_tools\setup.exe

*Newly Created Service* - ASWFSBLK
*Newly Created Service* - ASWMONFLT
*Newly Created Service* - ASWRDR
*Newly Created Service* - ASWSP
*Newly Created Service* - ASWTDI
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-12-01 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Sam Harris.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 11:19]

2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{EB29FF8B-EE09-4EBB-8AC0-732263DBBF8F}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = <local>;*.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FireFox -: Profile - c:\users\Sam Harris\AppData\Roaming\Mozilla\Firefox\Profiles\4dxe9ed0.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 16:27:06
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-07 16:28:27
ComboFix-quarantined-files.txt 2008-12-07 16:28:24
ComboFix2.txt 2008-12-07 16:07:21

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 434,276,851,712 bytes free

297 --- E O F --- 2008-09-26 12:52:30
Attached Files
File Type: txt ComboFix.txt (22.9 KB, 2 views)

Last edited by sUBs; 12-07-2008 at 02:53 PM.
facial26 is offline  
Old 12-07-2008, 02:56 PM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,355
OS: N/A


Re: Another Redirect

You ran ComboFix twice. We need the log from the first run. It's located at C:\QooBox\ComboFix2.txt


After posting that, visit http://www.kaspersky.com/service?chapter=161739400

Vista users right click on the Internet Explorer shortcut, and choose Run As Administrator.

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
sUBs is offline  
Old 12-07-2008, 05:09 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 10
OS: Vista Home Premium


Re: Another Redirect

Here you go. It does seem as if everything is working again now, though. I am just about to do the above.
Which would you say is the best protection software available?

Thanks
Attached Files
File Type: txt ComboFix2.txt (22.6 KB, 2 views)

Last edited by facial26; 12-07-2008 at 05:10 PM. Reason: Forgot attachment
facial26 is offline  
Old 12-07-2008, 08:32 PM   #9 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,355
OS: N/A


Re: Another Redirect

Quote:
Which would you say is the best protection software available?
You already have one of the best protections available: Vista's UAC, which you had disabled. :(

I'll wait for the Kaspersky scan results.
sUBs is offline  
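The ComboFix log posted earlier in this thread is the evidence behind the UAC remark: it records EnableLUA = 0, EnableFirewall = 0 for the Domain, Public and Standard profiles, Security Center monitoring and its alerts switched off, and AutoRun commands attached to removable volumes (including the f:\resycled\boot.com entry). As an added example that is not part of this thread, of ComboFix or of any Tech Support Forum tool, the Python script below pulls exactly those registry sections out of a ComboFix-style log and lists them as findings for triage. The sample text is constructed from lines quoted in the thread, and the finding categories are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample: registry sections copied from the ComboFix log quoted
# in this thread. This is not a fresh ComboFix run made for the example.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3023391C-D3D3-46E4-BCDA-4D94DE537013}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75a322c7-92d6-11dd-bc12-f913e9b18959}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - f:\resycled\boot.com f:
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")                 # [registry key path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')       # "Name"= value
SHELL_RE = re.compile(r"^(\\shell\\[^ ]+\\command) - (.+)$")  # MountPoints2 verbs


def as_int(raw):
    """Normalise ComboFix's two value spellings, '0 (0x0)' and 'dword:00000001'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def parse_sections(log_text):
    """Return {key_path: [(name, raw_value), ...]} in the order the log lists them."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None or not line:
            continue
        m = VALUE_RE.match(line) or SHELL_RE.match(line)
        if m:
            sections[current].append((m.group(1), m.group(2)))
    return sections


def triage(log_text):
    """Return (category, registry_path, detail) for each weakened defence or
    removable-media autorun command found in a ComboFix-style log."""
    findings = []
    for path, values in parse_sections(log_text).items():
        low = path.lower()
        leaf = path.rsplit("\\", 1)[-1]
        for name, raw in values:
            n = name.lower()
            if low.endswith("policies\\system") and n == "enablelua" and as_int(raw) == 0:
                findings.append(("UAC disabled", path, f"{name}={raw}"))
            elif ("\\firewallpolicy\\" in low and low.endswith("profile")
                  and n == "enablefirewall" and as_int(raw) == 0):
                findings.append(("Firewall profile disabled", path, leaf))
            elif "security center" in low and n == "disablemonitoring" and as_int(raw) == 1:
                findings.append(("Security Center monitoring disabled", path, leaf))
            elif "security center" in low and n.endswith("disablenotify") and as_int(raw) == 1:
                findings.append(("Security Center alert suppressed", path, name))
            elif "mountpoints2" in low and n.startswith("\\shell\\"):
                findings.append(("Removable-media autorun command", path, f"{leaf}: {name} -> {raw}"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'Firewall profile disabled': 3, ...}."""
    return dict(Counter(category for category, _, _ in findings))


if __name__ == "__main__":
    for category, path, detail in triage(SAMPLE_LOG):
        print(f"{category:38} {detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

The script only reads a log; it changes nothing on the host. Run against the sample it reports one UAC finding, three disabled firewall profiles, one disabled Security Center monitor, three suppressed alerts and three autorun commands, which is the set of items the helper in this thread had to undo before the machine could be called clean.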
Old 12-08-2008, 07:10 AM   #10 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 10
OS: Vista Home Premium


Re: Another Redirect

Ah. Is there any other you would recommend? Or is it a waste of money?

The Kaspersky starts doing the update, then it crashes. Do I have to do it in Internet Explorer, as opposed to Firefox?
Thanks
facial26 is offline  
Old 12-08-2008, 07:13 AM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,355
OS: N/A


Re: Another Redirect

Use IE. It's more stable.

Let me know if you have troubles with IE.
sUBs is offline  
Old 12-09-2008, 06:36 AM   #12 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 10
OS: Vista Home Premium


Re: Another Redirect

Here's the Kaspersky report :)


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 9, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 09, 2008 00:43:40
Records in database: 1444973
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\
L:\
M:\

Scan statistics:
Files scanned: 286707
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 04:09:01


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.nuu 1
C:\Qoobox\Quarantine\C\Windows\system\Update.exe.vir Infected: Trojan.Win32.Buzus.aaup 1

The selected area was scanned.
Attached Files
File Type: txt kaspersky.txt (1.0 KB, 1 views)

Last edited by sUBs; 12-09-2008 at 08:01 AM.
facial26 is offline  
Old 12-09-2008, 08:01 AM   #13 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,355
OS: N/A


Re: Another Redirect

C:\QooBox is ComboFix's quarantine folder. We'll take care of it when we uninstall ComboFix. Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /u


  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  3. Microsoft Windows Update → http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  4. SPYWAREBLASTER
    SpywareBlaster prevents the installation of malicious ActiveX, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies & restricts the actions of potentially unwanted sites.

    Unlike other programs, SpywareBlaster does not have to remain running in the background. A tutorial on installing & using this product can be found here → http://www.bleepingcomputer.com/forums/tutorial49.html

Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://computercops.biz/postlite7736-.html

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 12-12-2008, 06:56 AM   #14 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 10
OS: Vista Home Premium


Re: Another Redirect

Thank you very much! Only one problem I have now; I don't know if it is related. When I click Go on my web browser, a lot of the time it brings up "page cannot be found", but as soon as I hit refresh it is fine?

Thanks for all your help

Sam
facial26 is offline  
Old 12-12-2008, 08:03 AM   #15 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,355
OS: N/A


Re: Another Redirect

Please show me a gmer log.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 12-12-2008, 12:53 PM   #16 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 10
OS: Vista Home Premium


Re: Another Redirect

I think this is right :)
Attached Files
File Type: txt gmer.txt (21.7 KB, 1 views)
facial26 is offline  
Old 12-12-2008, 01:19 PM   #17 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 24,355
OS: N/A


Re: Another Redirect

Quote:
When I click Go on my web browser, a lot of the time it brings up "page cannot be found", but as soon as I hit refresh it is fine?
The logs look okay. I think this may be due to some temporary issues with your ISP. Please give them a call.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 12-12-2008, 02:52 PM   #18 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 10
OS: Vista Home Premium


Re: Another Redirect

Okay will do.
Thanks for all your help
Sam
facial26 is offline  
Copyright 2001 - 2009, Tech Support Forum