06-29-2009, 10:41 AM, #1
theMadHatter (Registered User; OS: Vista Ultimate 64 bit)
Redirect Virus

Hello,
I've seen a lot of these lately; hopefully they aren't becoming annoying for you guys.

Symptoms:
Search results from search engines (I've tried Google and Yahoo) are redirected to random pages, sometimes through a site called moogle. Also, not sure if this is related, but whenever I would try to run antivirus scans (McAfee, Malwarebytes) the computer would reset. However, when I renamed the executables and ran them, they didn't trigger a reset.

Thanks a lot.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Philip at 20:41:09.89 on Sun 06/28/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1594 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\LTSvc\LTSVC.exe
C:\Windows\LTSvc\LTSvcMon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\vmnat.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\LTSVC\LTTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Philip\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OpenLastClosedTab.LastClosedTab: {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [Aim6]
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [VMware hqtray] "c:\program files\vmware\vmware player\hqtray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [XeroxRegistation] "c:\users\philip\appdata\local\temp\xerox\ereg\EReg.exe" /Startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll
LSP: c:\program files\vmware\vmware player\vsocklib.dll
Trusted Zone: dyndns.biz\liberteks
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-15 28544]
R2 CALoadService;CALoadService;c:\program files\amd\codeanalyst\bin\CALoadService.exe [2008-10-30 65536]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-12-13 18944]
R2 LTService;Liberteks;c:\windows\ltsvc\ltsvc.exe -sltservice --> c:\windows\ltsvc\LTSVC.exe -sLTService [?]
R2 LTSvcMon;Liberteks CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2009-6-10 86017]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-1-22 185640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-11 24652]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-29 54960]
R3 CAPROF;CAPROF;c:\program files\amd\codeanalyst\bin\caprof.sys [2008-10-30 47160]
S2 gupdate1c9f0e262a2b55a;Google Update Service (gupdate1c9f0e262a2b55a);c:\program files\google\update\GoogleUpdate.exe [2009-6-19 133104]
S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [2005-1-6 18048]

=============== Created Last 30 ================

2009-06-27 01:22 16,621 a------- c:\windows\system32\973z4hacktoo5ba.ocx
2009-06-26 21:50 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-06-26 21:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-26 21:50 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-06-24 09:58 <DIR> --d----- c:\users\philip\appdata\roaming\mplayer
2009-06-23 21:28 <DIR> --d----- c:\programdata\AOL Downloads
2009-06-23 08:33 17,637 a------- c:\windows\system32\24a55ddzare19699.cpl
2009-06-22 13:57 <DIR> --d----- c:\users\philip\appdata\roaming\Malwarebytes
2009-06-22 13:48 <DIR> --d----- c:\program files\Trend Micro
2009-06-22 13:43 232,249,642 a------- c:\windows\MEMORY.DMP
2009-06-22 12:51 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 12:51 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-22 12:51 <DIR> --d----- c:\programdata\Malwarebytes
2009-06-22 12:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 12:51 <DIR> --d----- c:\progra~2\Malwarebytes
2009-06-22 11:13 318,976 a------- c:\windows\system32\CF25607.exe
2009-06-22 11:02 <DIR> --d----- c:\program files\CCleaner
2009-06-21 16:19 691 a------- c:\users\philip\appdata\roaming\GetValue.vbs
2009-06-21 16:19 35 a------- c:\users\philip\appdata\roaming\SetValue.bat
2009-06-21 16:19 6,676 a------- c:\windows\system32\tmp.reg
2009-06-20 14:05 12,031 a------- c:\windows\system32\254469p56za.exe
2009-06-20 06:00 16,432 a------- c:\windows\19395zpambot5a9.dll
2009-06-19 15:40 10,632 a------- c:\windows\73fdsp5rsz979.cpl
2009-06-19 00:47 17,929 a------- c:\windows\system32\19a05ac9door28z5.exe
2009-06-18 21:54 13,393 a------- c:\windows\system32\2628zvir9s153.bin
2009-06-17 23:36 14,300 a------- c:\windows\system32\51c95teal23z69.bin
2009-06-17 16:59 14,500 a------- c:\windows\1196notza9v5rus273.exe
2009-06-17 12:29 <DIR> --d----- c:\users\philip\appdata\roaming\Xerox
2009-06-17 10:37 12,792 a------- c:\windows\system32\9z993spy1995.exe
2009-06-16 15:01 <DIR> --d----- c:\users\philip\appdata\roaming\GrabPro
2009-06-16 13:52 15,555 a------- c:\windows\system32\9955downloader2z05.ocx
2009-06-15 14:08 <DIR> --d----- c:\program files\LogMeIn Rescue Calling Card
2009-06-15 11:37 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-06-15 11:37 <DIR> --d----- c:\program files\Panda Security
2009-06-15 08:51 13,804 a------- c:\windows\system32\77z7tro59df.dll
2009-06-14 16:53 12,947 a------- c:\windows\1692zorm1b5.bin
2009-06-14 01:54 18,272 a------- c:\windows\5d4bdowzlo9der1151.exe
2009-06-13 22:39 13,125 a------- c:\windows\system32\21557hzckt9ol5a4.dll
2009-06-13 13:42 5,748 a------- c:\windows\system32\3f90adzware2185.ocx
2009-06-12 17:03 <DIR> --d----- c:\program files\MagicISO
2009-06-12 14:07 <DIR> --d----- C:\MAGICDVDCOPY_TEMP
2009-06-12 14:06 87,608 a------- c:\users\philip\appdata\roaming\inst.exe
2009-06-12 14:06 47,360 a------- c:\users\philip\appdata\roaming\pcouffin.sys
2009-06-12 13:51 <DIR> --d----- c:\program files\M4aMp3
2009-06-11 21:08 6,311 a------- c:\windows\system32\531089ozm19.exe
2009-06-11 12:21 144 a------- c:\windows\w32dasm8.ini
2009-06-11 12:20 <DIR> --d----- c:\program files\win32dasm
2009-06-11 12:08 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-11 12:08 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-11 12:08 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-11 12:08 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-11 12:08 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-11 07:43 18,373 a------- c:\windows\system32\835thzef91655.ocx
2009-06-10 12:25 <DIR> --d----- c:\windows\LTSVC
2009-06-10 11:12 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-10 04:59 3,747 a------- c:\windows\system32\206z9vir5s409.ocx
2009-06-10 04:11 6,425 a------- c:\windows\system32\26z45spambot992.bin
2009-06-09 13:05 1,806 a------- c:\windows\TSearch.INI
2009-06-09 11:16 <DIR> --d----- c:\users\philip\appdata\roaming\LabTech Software
2009-06-08 21:39 5,085 a------- c:\windows\system32\715z9ownloade52153.exe
2009-06-08 20:29 2,738 a------- c:\windows\system32\23923hack5ozl51b.dll
2009-06-07 18:46 <DIR> --d----- c:\program files\tsearch
2009-06-05 12:50 <DIR> --d----- C:\accsdk_win32_1_6_8
2009-06-04 17:19 190 a------- c:\windows\ODBCINST.INI
2009-06-04 17:15 <DIR> --d----- c:\program files\LabTech Client
2009-06-02 19:05 12,787 a------- c:\windows\2936h5cktzol719.dll
2009-06-02 09:56 <DIR> --d----- c:\program files\iPod
2009-06-02 09:56 <DIR> --d----- c:\program files\iTunes
2009-06-01 17:10 6,892 a------- c:\windows\97065roje5z.bin
2009-06-01 07:52 <DIR> --d----- c:\users\philip\appdata\roaming\Sibelius Software
2009-06-01 07:52 <DIR> --d----- c:\program files\Musicnotes
2009-06-01 02:57 13,135 a------- c:\windows\753downloadzr13659.dll

==================== Find3M ====================

2009-06-19 00:47 17,687 a------- c:\windows\system32\57605teal449z.exe
2009-06-17 12:27 51,200 a------- c:\windows\inf\infpub.dat
2009-06-17 12:27 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-17 12:27 86,016 a------- c:\windows\inf\infstor.dat
2009-06-10 11:15 27,430 a------- c:\users\philip\appdata\roaming\nvModes.dat
2009-06-02 11:17 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-05-26 19:21 4,521 a------- c:\windows\system32\9525addwzre845.exe
2009-05-25 20:07 12,658 a------- c:\windows\system32\3a84addwar539z5.exe
2009-05-24 01:04 12,027 a------- c:\windows\system32\281435p9z5.exe
2009-05-23 19:08 2,814 a------- c:\windows\system32\515z8spambot1ec9.exe
2009-05-21 02:58 7,022 a------- c:\windows\system32\5e94steal262z5.dll
2009-05-18 21:47 12,104 a------- c:\windows\2c5baczdoor592.dll
2009-05-12 07:56 4,590 a------- c:\windows\bzbs5arse9057.bin
2009-05-09 01:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-08 12:22 14,497 a------- c:\windows\11338hazktool79c5.bin
2009-05-08 08:11 14,627 a------- c:\windows\3c8zspyw5re296.bin
2009-05-08 06:09 13,841 a------- c:\windows\system32\2745zviru974c.exe
2009-05-08 00:37 9,917 a------- c:\windows\3ed9ste5l1594z.dll
2009-05-07 12:52 11,533 a------- c:\windows\system32\299999roj35fz.dll
2009-05-05 17:20 12,641 a------- c:\windows\system32\7fvzr935.exe
2009-05-03 09:08 17,095 a------- c:\windows\system32\510bth5ea916z2.dll
2009-05-01 19:59 3,778 a------- c:\windows\2175z9r1357.dll
2009-04-26 17:48 7,981 a------- c:\windows\system32\71z5t9ief2991.exe
2009-04-26 11:53 8,959 a------- c:\windows\5fcczi91768.dll
2009-04-25 00:00 9,742 a------- c:\windows\system32\4z8dvir9595.bin
2009-04-24 00:42 12,663 a------- c:\windows\system32\59z59parse265.exe
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 07:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-21 03:28 13,234 a------- c:\windows\system32\9ad5thief214z.exe
2009-04-14 03:38 17,201 a------- c:\windows\system32\25d5th9eat35z2.dll
2009-04-09 21:40 3,155 a------- c:\windows\97z215pambotd8.dll
2009-04-09 02:15 17,438 a------- c:\windows\system32\32555wozm289.bin
2009-04-06 16:23 14,281 a------- c:\windows\29361spamzot365.dll
2009-04-02 21:57 17,091 a------- c:\windows\4a08d9wnload5r32z0.bin
2009-04-02 02:24 3,063 a------- c:\windows\258baddwar51z94.dll
2008-11-28 21:10 2,147 a------- c:\program files\INSTALL.LOG
2008-11-14 14:52 290,490 a------- c:\windows\inf\perflib\041d\perfi.dat
2008-11-14 14:52 290,490 a------- c:\windows\inf\perflib\041d\perfh.dat
2008-11-14 14:52 35,978 a------- c:\windows\inf\perflib\041d\perfd.dat
2008-11-14 14:52 35,978 a------- c:\windows\inf\perflib\041d\perfc.dat
2008-07-11 22:09 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2002-10-25 10:02 11,197 a------- c:\program files\UNWISE.INI
2002-07-26 17:02 153,088 a------- c:\program files\UNWISE.EXE

============= FINISH: 20:42:13.45 ===============
Attached Files
File Type: zip Attach.zip (6.0 KB, 2 views)

06-30-2009, 01:18 PM, #2
TheBruce1 (Moderator, Analyst, Security Team; OS: XP)
Re: Redirect Virus

Hello

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they are given; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Note:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.


Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Last edited by TheBruce1; 06-30-2009 at 01:55 PM.
07-02-2009, 05:59 AM, #3
theMadHatter
Re: Redirect Virus

Wow sorry, I had the email notifications being sent to the wrong email. I'm running the things now.
07-02-2009, 06:32 AM, #4
theMadHatter
Re: Redirect Virus

ComboFix

ComboFix 09-07-01.04 - Philip 07/02/2009 8:09.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.2267 [GMT -4:00]
Running from: c:\users\Philip\Desktop\bru1.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\91z52virus5b9.dll
c:\windows\92141v5rus62z.exe
c:\windows\925305orm5adz.exe
c:\windows\92614spambotz5.dll
c:\windows\93358zpambot4bb.cpl
c:\windows\93855hzcktool564.bin
c:\windows\95230worz7c.exe
c:\windows\95359viruszdd.bin
c:\windows\9538spyware1z8.ocx
c:\windows\95458spambot5z5.ocx
c:\windows\9559notza-viru954f.cpl
c:\windows\960bspzrse1851.bin
c:\windows\9680n5t-z-virus333.bin
c:\windows\96a2stez51124.dll
c:\windows\97065roje5z.bin
c:\windows\97c8zow5loader2780.cpl
c:\windows\97z215pambotd8.dll
c:\windows\9805t5zj901.cpl
c:\windows\9838hzckt5ol796.ocx
c:\windows\9952thr5zt15404.exe
c:\windows\9970w5rm3e0z.ocx
c:\windows\99z2tro5339.dll
c:\windows\9cf3d5wnlzader1449.exe
c:\windows\9d38s5eal14z7.bin
c:\windows\9e3z5parse3063.exe
c:\windows\9ea65teal1899z.bin
c:\windows\9f2dv5rz56.ocx
c:\windows\9z04ha5ktool29a9.exe
c:\windows\9z59troj658.dll
c:\windows\9z825orm529.exe
c:\windows\9z8ha5ktool929.dll
c:\windows\a49zown95ader380.ocx
c:\windows\b20do9nzoa5er1805.exe
c:\windows\b4595dwarz2315.exe
c:\windows\bzbs5arse9057.bin
c:\windows\c8cth9eat570z5.cpl
c:\windows\f6addwaze1095.cpl
c:\windows\f98spzwa9e546.dll
c:\windows\Installer\26cb6df.msi
c:\windows\Installer\63c9d.msi
c:\windows\Installer\6daebe.msi
c:\windows\system32\10489w5rm2z4.ocx
c:\windows\system32\11090szy3095.exe
c:\windows\system32\11z69virus52.exe
c:\windows\system32\12052hack9oo52ez.bin
c:\windows\system32\123959pambot648z.bin
c:\windows\system32\12559sz9504.dll
c:\windows\system32\1296zwo9m5d8.ocx
c:\windows\system32\13910z5rm1239.cpl
c:\windows\system32\1398z9d5are559.dll
c:\windows\system32\139955zy396.cpl
c:\windows\system32\14222no5-a-vzr9s674.exe
c:\windows\system32\14305trojz29.dll
c:\windows\system32\14915sz5m9ot457.ocx
c:\windows\system32\14916zpambot75f.cpl
c:\windows\system32\14z05tro915e.cpl
c:\windows\system32\15060z9oj3f5.cpl
c:\windows\system32\15155zirus910.ocx
c:\windows\system32\1515zworm694.cpl
c:\windows\system32\15590spz58e.bin
c:\windows\system32\1565szy379.exe
c:\windows\system32\156z8virus54b9.bin
c:\windows\system32\15b5downloader29z5.dll
c:\windows\system32\15bfdowz5oa9er625.ocx
c:\windows\system32\15dbv9z3159.dll
c:\windows\system32\15f5szyw9re1418.dll
c:\windows\system32\15zback5oo92653.exe
c:\windows\system32\160ztro5119.exe
c:\windows\system32\16382zr5j7a19.bin
c:\windows\system32\16464not9a5vizus307.dll
c:\windows\system32\1647noz-a-5irus6b39.exe
c:\windows\system32\1659zh9c5tool12e.exe
c:\windows\system32\16889o5za-virus1f3.ocx
c:\windows\system32\16955noz-a-vir5s1b99.cpl
c:\windows\system32\16z55sp9c5.exe
c:\windows\system32\17080not9a5vzrus21c.bin
c:\windows\system32\17389h5zf616.cpl
c:\windows\system32\188z5spambot91c.cpl
c:\windows\system32\18c9back5oor3z5.cpl
c:\windows\system32\19379sz95f9.ocx
c:\windows\system32\193hac5toolz9b.cpl
c:\windows\system32\19554troj7ccz.ocx
c:\windows\system32\19561vzru51.cpl
c:\windows\system32\19561zpy45.ocx
c:\windows\system32\195fthreatz1790.cpl
c:\windows\system32\195z3not5a-vir9s4ad.dll
c:\windows\system32\196z4not-a-vi5us764.bin
c:\windows\system32\19701s5a9bzt3c.bin
c:\windows\system32\19815spamb9t3dz.cpl
c:\windows\system32\19955spambotf2z.bin
c:\windows\system32\19a05ac9door28z5.exe
c:\windows\system32\19bbb5ckdozr3172.cpl
c:\windows\system32\19cz5hief895.cpl
c:\windows\system32\19w5zm905.cpl
c:\windows\system32\1a71dow9loazer5728.dll
c:\windows\system32\1e79bzckdo5r2938.exe
c:\windows\system32\1e9z5hie93138.ocx
c:\windows\system32\1ef5downlzader1988.cpl
c:\windows\system32\1z094t59j5d6.bin
c:\windows\system32\1z52bac9do5r561.ocx
c:\windows\system32\1z79addwar51190.exe
c:\windows\system32\1z865h9cktool302.dll
c:\windows\system32\206z9vir5s409.ocx
c:\windows\system32\2082ztr9592.cpl
c:\windows\system32\211559ackzoolf5.dll
c:\windows\system32\21215not-a-vizus298.cpl
c:\windows\system32\21449vi5uz295.exe
c:\windows\system32\21490s5amboz94.exe
c:\windows\system32\21557hzckt9ol5a4.dll
c:\windows\system32\21659rzj5b2.exe
c:\windows\system32\222z2virus259.exe
c:\windows\system32\22909vi9us15z.bin
c:\windows\system32\23469ha5ktool9ez.dll
c:\windows\system32\23592n9t-a-virus3z2.cpl
c:\windows\system32\23855z95m305.cpl
c:\windows\system32\23923hack5ozl51b.dll
c:\windows\system32\249viru9zb05.dll
c:\windows\system32\24a55ddzare19699.cpl
c:\windows\system32\25078notza-virus953.bin
c:\windows\system32\25199zo59a-virus94.bin
c:\windows\system32\251cth9eat2774z.dll
c:\windows\system32\252955py47z.bin
c:\windows\system32\25438tro5zc9.bin
c:\windows\system32\254469p56za.exe
c:\windows\system32\25504zr5j58b9.ocx
c:\windows\system32\25959not-a-virusz44.bin
c:\windows\system32\25d5th9eat35z2.dll
c:\windows\system32\25f8backdoo952z.cpl
c:\windows\system32\261149ackz5ol4e2.exe
c:\windows\system32\261ct9i5f3115z.dll
c:\windows\system32\2628zvir9s153.bin
c:\windows\system32\2634za9ktoo566d.cpl
c:\windows\system32\26573trojz9f.ocx
c:\windows\system32\26991tr59599z.bin
c:\windows\system32\269vi9us5z1.dll
c:\windows\system32\26z45spambot992.bin
c:\windows\system32\2725spambot7z9.cpl
c:\windows\system32\2745zviru974c.exe
c:\windows\system32\27562spamzo5659.bin
c:\windows\system32\27895trojz4.ocx
c:\windows\system32\2792459ojz03.cpl
c:\windows\system32\27z585r9j18a.exe
c:\windows\system32\281435p9z5.exe
c:\windows\system32\28274not-z-9irus5e.exe
c:\windows\system32\28462vi59z507.cpl
c:\windows\system32\28908wormz6b5.cpl
c:\windows\system32\28z99wo5m66.cpl
c:\windows\system32\29775tr9jz6d.dll
c:\windows\system32\299999roj35fz.dll
c:\windows\system32\2a52vi95z1.exe
c:\windows\system32\2c95sp59se1674z.bin
c:\windows\system32\2dzes9ea51108.exe
c:\windows\system32\2e58zpywar91962.bin
c:\windows\system32\2e92threat15099z.bin
c:\windows\system32\2e9e5tzal31339.cpl
c:\windows\system32\2ec3st5az16699.ocx
c:\windows\system32\2z56hacktool22f9.bin
c:\windows\system32\300eaddwa9ez153.exe
c:\windows\system32\30158virusz99.ocx
c:\windows\system32\3089z5orm3f6.cpl
c:\windows\system32\31028h5cztoo946f.ocx
c:\windows\system32\31094hacz5ool16b.dll
c:\windows\system32\31518not-a-vzrus295.cpl
c:\windows\system32\31538z95j5ca.ocx
c:\windows\system32\3159noz-a-vi5us64f.ocx
c:\windows\system32\3217addwzre2965.ocx
c:\windows\system32\32555wozm289.bin
c:\windows\system32\32571szy279.cpl
c:\windows\system32\32692zo5m1709.bin
c:\windows\system32\32e5addw5ze9149.cpl
c:\windows\system32\3340z5r1292.dll
c:\windows\system32\3559tzief147.cpl
c:\windows\system32\3599thief85z.cpl
c:\windows\system32\35z12s9y6f3.ocx
c:\windows\system32\371bthreaz156985.cpl
c:\windows\system32\3845not-az9irus11f.ocx
c:\windows\system32\385stzal2597.dll
c:\windows\system32\38b9do59loazer1243.exe
c:\windows\system32\38zcste5l22349.exe
c:\windows\system32\39076hazktool5075.dll
c:\windows\system32\39291tzoj5d1.exe
c:\windows\system32\393s5a9botz4a.dll
c:\windows\system32\397asparze1258.cpl
c:\windows\system32\39919pywar5z806.bin
c:\windows\system32\3a17spz5se2966.cpl
c:\windows\system32\3a84addwar539z5.exe
c:\windows\system32\3a95zackdo9r2575.dll
c:\windows\system32\3afzteal8395.ocx
c:\windows\system32\3c9baczdo9r17645.dll
c:\windows\system32\3e559pzrse1684.cpl
c:\windows\system32\3f90adzware2185.ocx
c:\windows\system32\3z2bdo5nloader3259.bin
c:\windows\system32\3zd295reat9728.dll
c:\windows\system32\400a5dzare13979.dll
c:\windows\system32\400ddzw9lo5der2673.bin
c:\windows\system32\4015thre9t8688z.ocx
c:\windows\system32\404Fix.exe
c:\windows\system32\41c2spaz9e8145.exe
c:\windows\system32\42d4threz526419.bin
c:\windows\system32\439faddwzre5239.cpl
c:\windows\system32\44a8down9ozder2345.cpl
c:\windows\system32\45bf9pyware255z.cpl
c:\windows\system32\45z8sp9w5re1718.bin
c:\windows\system32\46c5threa915z18.cpl
c:\windows\system32\46d4t5reat2594z.cpl
c:\windows\system32\486fad59arez657.bin
c:\windows\system32\48z5t59eat24976.ocx
c:\windows\system32\494fstez52755.cpl
c:\windows\system32\499cs5arse2z53.ocx
c:\windows\system32\4ddo5nloaderz49.ocx
c:\windows\system32\4f81backdozr59489.dll
c:\windows\system32\4z52hackto5l12c9.dll
c:\windows\system32\4z8dvir9595.bin
c:\windows\system32\4z905ir415.bin
c:\windows\system32\502fs9eal32z3.dll
c:\windows\system32\506159rojzae.cpl
c:\windows\system32\50zaadd9are205.dll
c:\windows\system32\510bth5ea916z2.dll
c:\windows\system32\512sze5l599.dll
c:\windows\system32\515z8spambot1ec9.exe
c:\windows\system32\51c95teal23z69.bin
c:\windows\system32\521z9spam9ot3e3.dll
c:\windows\system32\5225st59lz692.bin
c:\windows\system32\5255worz6119.exe
c:\windows\system32\52edzh9e5t30959.ocx
c:\windows\system32\531089ozm19.exe
c:\windows\system32\53345hie9142z.bin
c:\windows\system32\540fsparze3932.cpl
c:\windows\system32\542z1spambo961f.dll
c:\windows\system32\54403not-a-vz9us1d0.dll
c:\windows\system32\55495hreaz12257.ocx
c:\windows\system32\5561worz9eb5.ocx
c:\windows\system32\55729iruz68f5.ocx
c:\windows\system32\55b9zddware1718.bin
c:\windows\system32\55c9tzreat8209.exe
c:\windows\system32\55dst9al44z.bin
c:\windows\system32\5629vir5z1.exe
c:\windows\system32\56459ir139z.ocx
c:\windows\system32\5653thre9t589z9.exe
c:\windows\system32\5660z5ambo96dd.cpl
c:\windows\system32\5679downzoade53190.exe
c:\windows\system32\56z65hre9t24649.bin
c:\windows\system32\570noz-a-virus3259.ocx
c:\windows\system32\570z9vi9us757.dll
c:\windows\system32\574fsteal299z.ocx
c:\windows\system32\57605teal449z.exe
c:\windows\system32\589espaz5e1357.bin
c:\windows\system32\58z43spy95d.dll
c:\windows\system32\58z9spy198.dll
c:\windows\system32\5928ztroj52f.cpl
c:\windows\system32\5935vir99z.exe
c:\windows\system32\5937ztroj536.cpl
c:\windows\system32\5945addwarez976.bin
c:\windows\system32\5953stezl8515.dll
c:\windows\system32\5955zworm267.cpl
c:\windows\system32\5977vzr195.dll
c:\windows\system32\5995thi9f42z5.ocx
c:\windows\system32\59a6szywar5755.exe
c:\windows\system32\59a8st5alz295.ocx
c:\windows\system32\59d4s9eal28z9.dll
c:\windows\system32\59dthief3096z.cpl
c:\windows\system32\59f0thiez2104.cpl
c:\windows\system32\59z59parse265.exe
c:\windows\system32\5a69addw5re11z0.exe
c:\windows\system32\5a6zsteal975.dll
c:\windows\system32\5ab4za9kdoor185.bin
c:\windows\system32\5az5v5r995.exe
c:\windows\system32\5c5fthreat1z598.ocx
c:\windows\system32\5c93thiez25535.cpl
c:\windows\system32\5d1dspz5are901.cpl
c:\windows\system32\5e94steal262z5.dll
c:\windows\system32\5e9zdow5lo9der1029.dll
c:\windows\system32\5f21spar5e2z59.bin
c:\windows\system32\5f4z59reat495.cpl
c:\windows\system32\5z407tro9511.exe
c:\windows\system32\5z545h9eat18402.cpl
c:\windows\system32\5z5fs9yware2390.ocx
c:\windows\system32\5z75th9ef9995.bin
c:\windows\system32\6030tr9j4z5.dll
c:\windows\system32\60519zoj56e.ocx
c:\windows\system32\6059a9zwa5e1872.dll
c:\windows\system32\6137spyware5z819.cpl
c:\windows\system32\6242threzt99546.ocx
c:\windows\system32\6397baczdo5r2610.ocx
c:\windows\system32\639avir547z9.bin
c:\windows\system32\6474thzef25509.bin
c:\windows\system32\64z2steal9515.dll
c:\windows\system32\654zwo9m56.bin
c:\windows\system32\658bthizf1790.ocx
c:\windows\system32\681cste9511z6.ocx
c:\windows\system32\683fspyw5re2z09.bin
c:\windows\system32\6899w9zm5a7.cpl
c:\windows\system32\6az0vi5792.cpl
c:\windows\system32\6d0595rz847.exe
c:\windows\system32\6e59s9eaz221.exe
c:\windows\system32\6ef85d9ware241z.exe
c:\windows\system32\6fdthrea959927z.cpl
c:\windows\system32\6z56t5oj390.bin
c:\windows\system32\6z6595yware2742.ocx
c:\windows\system32\706e9ack5ozr770.ocx
c:\windows\system32\70zsp556e9.cpl
c:\windows\system32\7149zpy20e5.exe
c:\windows\system32\71579acztool129.ocx
c:\windows\system32\715z9ownloade52153.exe
c:\windows\system32\7168hackto9l55z.exe
c:\windows\system32\71z5t9ief2991.exe
c:\windows\system32\7295backdozr13159.dll
c:\windows\system32\7395szar5e954.cpl
c:\windows\system32\739zste5l3175.cpl
c:\windows\system32\75asteal1z999.cpl
c:\windows\system32\75z5vir965.dll
c:\windows\system32\7625steaz26539.dll
c:\windows\system32\76dfad59zre747.exe
c:\windows\system32\76zcste5l18919.cpl
c:\windows\system32\77z7tro59df.dll
c:\windows\system32\782bs9yware117z5.ocx
c:\windows\system32\7874bac5do9r112z.exe
c:\windows\system32\78z5hrea932126.bin
c:\windows\system32\7a5c9owzloade51182.dll
c:\windows\system32\7af6th5e9t248z8.bin
c:\windows\system32\7b49viz859.cpl
c:\windows\system32\7be0stea51z619.dll
c:\windows\system32\7cz9thie53167.cpl
c:\windows\system32\7e97zpyware525.bin
c:\windows\system32\7f91dowzl9ader6215.dll
c:\windows\system32\7fvzr935.exe
c:\windows\system32\7z70t59j60.bin
c:\windows\system32\7z9thie553.ocx
c:\windows\system32\7zc1thr5a924320.ocx
c:\windows\system32\7zdd9wn5oader194.dll
c:\windows\system32\835thzef91655.ocx
c:\windows\system32\8497troz5fb.dll
c:\windows\system32\8518no9-a-vizus269.dll
c:\windows\system32\879thre9t20z205.dll
c:\windows\system32\8949zot-a5virus21b9.exe
c:\windows\system32\8995n5t9a-virzs679.ocx
c:\windows\system32\8z34spa95ot443.dll
c:\windows\system32\902845roz742.bin
c:\windows\system32\9078v5r311z.bin
c:\windows\system32\9093v5zusaf.cpl
c:\windows\system32\90edaddwarez253.exe
c:\windows\system32\913v5z949.bin
c:\windows\system32\9154troj3z3.ocx
c:\windows\system32\915avir4z5.dll
c:\windows\system32\91dthzef30895.cpl
c:\windows\system32\92zdown9oader1505.bin
c:\windows\system32\9304trzj85.cpl
c:\windows\system32\9339viz5s669.dll
c:\windows\system32\93458hackto5l5z5.bin
c:\windows\system32\9357spy545z.exe
c:\windows\system32\9400t5rzat21786.ocx
c:\windows\system32\94835virus5zc.ocx
c:\windows\system32\9507spy3z75.cpl
c:\windows\system32\9525addwzre845.exe
c:\windows\system32\95535zirus75f.cpl
c:\windows\system32\95773z5rus5a3.bin
c:\windows\system32\9609spam5oz99.cpl
c:\windows\system32\966s9eal2570z.ocx
c:\windows\system32\973z4hacktoo5ba.ocx
c:\windows\system32\974z9worm85.cpl
c:\windows\system32\9754zormbf.ocx
c:\windows\system32\986espyware18z65.cpl
c:\windows\system32\9915viruz1c4.cpl
c:\windows\system32\9955downloader2z05.ocx
c:\windows\system32\99ddbackdooz2545.ocx
c:\windows\system32\9a955ir125z.bin
c:\windows\system32\9ad5thief214z.exe
c:\windows\system32\9ec2zpars52729.cpl
c:\windows\system32\9f05thzeat2957.exe
c:\windows\system32\9z993spy1995.exe
c:\windows\system32\9za2backdoor5434.ocx
c:\windows\system32\9zcdspyware26425.bin
c:\windows\system32\a76zack5oor3971.dll
c:\windows\system32\a9cbackdz9r956.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\b29tzr5at23404.ocx
c:\windows\system32\b75sp9ware15z7.cpl
c:\windows\system32\b9f5zeal1644.exe
c:\windows\system32\c09ddza5e3027.dll
c:\windows\system32\c69st5zl1269.bin
c:\windows\system32\cect5zef3919.ocx
c:\windows\system32\d59sparse3z74.ocx
c:\windows\system32\drivers\MSIVXcfdhcvtyqiuyojontpyqvkibeuxperdw.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\e9e9pyware59z6.dll
c:\windows\system32\e9zs5yware1448.dll
c:\windows\system32\f60download59z211.cpl
c:\windows\system32\fz9thief5198.ocx
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\KBL.LOG
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXtudspfkaisnprxwrssqktvbadpoqfipu.dll
c:\windows\system32\MSIVXxfllixiimmmwdlmgwevvqajngsxyhvec.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\z1199virus758.bin
c:\windows\system32\z1518vi9us624.bin
c:\windows\system32\z151spywa9e1922.bin
c:\windows\system32\z1946troj35.dll
c:\windows\system32\z2414not-a-v95us6c0.dll
c:\windows\system32\z2bthief4599.ocx
c:\windows\system32\z3b1vir529.ocx
c:\windows\system32\z479troj1845.exe
c:\windows\system32\z515threat5998.cpl
c:\windows\system32\z552sp95d7.ocx
c:\windows\system32\z5585wo9m5fd.ocx
c:\windows\system32\z5599v5rus737.ocx
c:\windows\system32\z594downloader1885.bin
c:\windows\system32\z595threa59706.exe
c:\windows\system32\z59cad9ware1555.bin
c:\windows\system32\z5c3sparse5693.exe
c:\windows\system32\z6935wo5m459.cpl
c:\windows\system32\z90f5hief2297.dll
c:\windows\system32\z9539v9rus5bb.ocx
c:\windows\system32\z9800tro5145.bin
c:\windows\system32\z995spy4a2.cpl
c:\windows\system32\zbc2vir2559.dll
c:\windows\system32\zce85parse1939.exe
c:\windows\system32\zf85addwar91882.exe
c:\windows\z06625i9us71.dll
c:\windows\z092v9rus157.exe
c:\windows\z114hac9t5ol245.cpl
c:\windows\z1649orm2195.exe
c:\windows\z1b9steal757.exe
c:\windows\z2058not-a-vir5s9fa.ocx
c:\windows\z2848w5rm79a.cpl
c:\windows\z2949roj195.bin
c:\windows\z2960hackt5ol665.exe
c:\windows\z34cthre5t2019.cpl
c:\windows\z4455sp95d2.dll
c:\windows\z533hackt9ol52.exe
c:\windows\z5365t9oj20c.exe
c:\windows\z5557spy59a.ocx
c:\windows\z5705spamb9t6e75.dll
c:\windows\z58dthreat20419.exe
c:\windows\z59499irus5a5.exe
c:\windows\z660s95mbot6d3.cpl
c:\windows\z745hac9tool65e5.exe
c:\windows\z8259spamb5t971.dll
c:\windows\z8575spy902.ocx
c:\windows\z9255troj1b99.cpl
c:\windows\z9c0t9re5t25299.dll
c:\windows\z9est5al1629.exe
c:\windows\zb01ad5wa9e1763.cpl
c:\windows\zbc5thie91819.ocx
c:\windows\zc4dthreat52629.bin
c:\windows\zc93addwar51972.cpl
c:\windows\zf4a9pyware2235.bin
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-07-02 12:24 . 2009-07-02 12:24 -------- d-----w- c:\users\Philip\AppData\Local\temp
2009-07-01 23:27 . 2009-07-01 23:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-01 23:27 . 2009-07-01 23:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-01 23:27 . 2009-07-01 23:27 -------- d-----w- c:\program files\OpenAL
2009-06-29 19:47 . 2009-06-29 19:47 -------- d-----w- c:\program files\Fotosizer
2009-06-29 17:44 . 2009-06-30 15:39 -------- d-----w- c:\program files\Photo Viewer
2009-06-27 01:50 . 2009-06-29 00:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-27 01:50 . 2009-06-29 00:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-24 13:58 . 2009-06-24 13:58 -------- d-----w- c:\users\Philip\AppData\Roaming\mplayer
2009-06-24 01:27 . 2006-10-12 16:29 83504 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\TEMP\ProgUpd.dll
2009-06-22 17:57 . 2009-06-22 17:57 -------- d-----w- c:\users\Philip\AppData\Roaming\Malwarebytes
2009-06-22 17:48 . 2009-06-22 17:48 -------- d-----w- c:\program files\Trend Micro
2009-06-22 16:51 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 16:51 . 2009-06-22 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 16:51 . 2009-06-22 16:51 -------- d-----w- c:\programdata\Malwarebytes
2009-06-22 16:51 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-22 15:02 . 2009-06-22 15:02 -------- d-----w- c:\program files\CCleaner
2009-06-21 20:19 . 2009-06-21 20:19 35 ----a-w- c:\users\Philip\AppData\Roaming\SetValue.bat
2009-06-19 04:56 . 2009-06-19 05:07 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-17 16:29 . 2009-06-17 16:29 -------- d-----w- c:\users\Philip\AppData\Roaming\Xerox
2009-06-16 19:01 . 2009-06-16 19:01 -------- d-----w- c:\users\Philip\AppData\Roaming\Yahoo!
2009-06-16 19:01 . 2009-06-16 19:01 -------- d-----w- c:\users\Philip\AppData\Roaming\GrabPro
2009-06-16 19:01 . 2009-06-16 19:03 -------- d-----w- c:\users\Philip\AppData\Roaming\Orbit
2009-06-15 18:08 . 2009-06-15 19:58 -------- d-----w- c:\users\Philip\AppData\Local\LogMeIn Rescue Calling Card
2009-06-15 18:08 . 2009-06-15 18:09 -------- d-----w- c:\program files\LogMeIn Rescue Calling Card
2009-06-15 15:37 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-15 15:37 . 2009-06-15 15:37 -------- d-----w- c:\program files\Panda Security
2009-06-12 21:03 . 2009-06-12 21:03 -------- d-----w- c:\program files\MagicISO
2009-06-12 18:51 . 2009-06-12 18:51 -------- d-----w- c:\users\Philip\AppData\Roaming\dvdcss
2009-06-12 18:07 . 2009-06-12 18:07 -------- d-----w- c:\users\Philip\AppData\Local\MagicSoftware
2009-06-12 18:07 . 2009-06-12 18:07 -------- d-----w- C:\MAGICDVDCOPY_TEMP
2009-06-12 18:06 . 2009-06-12 18:07 -------- d-----w- c:\users\Philip\AppData\Roaming\Vso
2009-06-12 18:06 . 2009-06-12 18:06 47360 ----a-w- c:\users\Philip\AppData\Roaming\pcouffin.sys
2009-06-12 17:51 . 2009-06-12 17:51 -------- d-----w- c:\program files\M4aMp3
2009-06-11 16:20 . 2009-06-11 16:21 -------- d-----w- c:\program files\win32dasm
2009-06-11 16:08 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-11 16:08 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-10 16:25 . 2009-06-30 12:26 -------- d-----w- c:\windows\LTSVC
2009-06-10 15:12 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 15:16 . 2009-06-09 15:16 -------- d-----w- c:\users\Philip\AppData\Roaming\LabTech Software
2009-06-07 22:46 . 2009-06-09 17:01 -------- d-----w- c:\program files\tsearch
2009-06-05 16:50 . 2009-01-14 19:16 -------- d-----w- C:\accsdk_win32_1_6_8
2009-06-04 21:31 . 2009-06-04 21:31 -------- d-----w- c:\users\Philip\AppData\Local\LabTech Software LLC
2009-06-04 21:15 . 2009-06-25 15:08 -------- d-----w- c:\program files\LabTech Client
2009-06-02 13:56 . 2009-06-02 13:56 -------- d-----w- c:\program files\iPod
2009-06-02 13:56 . 2009-06-02 13:56 -------- d-----w- c:\program files\iTunes
2009-06-02 13:53 . 2009-06-02 13:54 -------- d-----w- c:\program files\QuickTime
2009-06-02 13:46 . 2009-06-02 13:46 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 12:06 . 2009-02-01 01:21 -------- d-----w- c:\programdata\VMware
2009-07-02 12:04 . 2008-05-01 02:51 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-02 12:04 . 2008-10-09 14:58 -------- d-----w- c:\users\Philip\AppData\Roaming\DNA
2009-07-02 10:49 . 2008-09-28 15:38 -------- d-----w- c:\programdata\Google Updater
2009-07-02 10:46 . 2008-10-09 14:58 -------- d-----w- c:\program files\DNA
2009-07-01 23:59 . 2009-05-27 16:45 -------- d-----w- c:\users\Philip\AppData\Roaming\.anki
2009-07-01 00:02 . 2008-09-30 20:42 -------- d-----w- c:\users\Philip\AppData\Roaming\BitTorrent
2009-06-24 01:29 . 2008-02-29 04:27 -------- d-----w- c:\program files\AIM6
2009-06-24 01:29 . 2008-02-29 04:28 -------- d-----w- c:\programdata\Viewpoint
2009-06-24 01:28 . 2009-06-24 01:28 -------- d-----w- c:\programdata\AOL Downloads
2009-06-23 18:37 . 2008-10-14 01:32 -------- d-----w- c:\program files\Steam
2009-06-21 20:19 . 2009-06-21 20:19 691 ----a-w- c:\users\Philip\AppData\Roaming\GetValue.vbs
2009-06-19 17:11 . 2008-08-12 02:26 7944 ----a-w- c:\users\Philip\AppData\Local\d3d9caps.dat
2009-06-19 13:35 . 2008-09-28 15:38 -------- d-----w- c:\program files\Google
2009-06-17 00:51 . 2008-07-11 13:29 -------- d-----w- c:\program files\Yahoo!
2009-06-16 18:36 . 2008-07-27 05:25 1700880 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2009-06-12 21:02 . 2008-12-30 18:10 -------- d-----w- c:\program files\Xilisoft
2009-06-11 16:10 . 2008-02-29 05:15 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 14:12 . 2008-02-29 04:51 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 16:24 . 2008-07-14 01:34 -------- d-----w- c:\program files\Business Objects
2009-06-10 15:15 . 2008-07-15 23:40 27430 ----a-w- c:\users\Philip\AppData\Roaming\nvModes.dat
2009-06-09 17:00 . 2008-12-05 14:24 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-09 16:41 . 2008-07-14 01:18 1715456 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-06-04 14:52 . 2009-05-26 14:07 -------- d-----w- c:\users\Philip\AppData\Roaming\mIRC
2009-06-02 13:56 . 2008-07-16 15:09 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 13:56 . 2008-07-16 15:10 -------- d-----w- c:\programdata\Apple Computer
2009-06-01 14:23 . 2008-07-11 13:35 122784 ----a-w- c:\users\Philip\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 11:52 . 2009-06-01 11:52 -------- d-----w- c:\users\Philip\AppData\Roaming\Sibelius Software
2009-06-01 11:52 . 2009-06-01 11:52 -------- d-----w- c:\program files\Musicnotes
2009-05-27 18:52 . 2009-05-27 18:52 -------- d-----w- c:\users\Philip\AppData\Roaming\.matplotlib
2009-05-27 16:44 . 2009-05-27 16:44 -------- d-----w- c:\program files\Anki
2009-05-26 14:36 . 2009-05-26 14:30 -------- d-----w- c:\users\Philip\AppData\Roaming\leafChat
2009-05-26 14:24 . 2009-05-26 14:20 -------- d-----w- c:\users\Philip\AppData\Roaming\X-Chat 2
2009-05-22 22:09 . 2009-05-22 22:09 127877 ----a-w- c:\users\Philip\AppData\Roaming\Move Networks\uninstall.exe
2009-05-22 22:09 . 2009-05-22 22:09 -------- d-----w- c:\users\Philip\AppData\Roaming\Move Networks
2009-05-22 22:09 . 2009-05-01 06:30 4183416 ----a-w- c:\users\Philip\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
2009-05-19 12:48 . 2008-10-14 01:52 -------- d-----w- c:\program files\Common Files\Steam
2009-05-19 05:36 . 2009-06-24 01:28 2884832 ----a-w- c:\programdata\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-24 01:28 28 ----a-w- c:\programdata\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-24 01:28 1484856 ----a-w- c:\programdata\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-24 01:28 97072 ----a-w- c:\programdata\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-24 01:28 25 ----a-w- c:\programdata\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-24 01:28 142040 ----a-w- c:\programdata\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-24 01:28 30512 ----a-w- c:\programdata\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-24 01:28 111920 ----a-w- c:\programdata\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-17 14:19 . 2008-05-01 03:20 -------- d-----w- c:\programdata\NVIDIA
2009-05-16 20:27 . 2008-05-01 03:15 -------- d-----w- c:\programdata\WildTangent
2009-05-16 01:40 . 2008-10-19 00:52 -------- d-----w- c:\users\Philip\AppData\Roaming\Hamachi
2009-05-15 11:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-10 22:36 . 2009-04-02 20:42 10134 ----a-r- c:\users\Philip\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-05-09 21:49 . 2008-07-16 14:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-09 05:50 . 2009-06-10 15:13 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 15:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 21:47 . 2008-07-14 01:25 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\users\Philip\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-23 12:42 . 2009-06-10 15:13 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 15:13 2033152 ----a-w- c:\windows\system32\win32k.sys
2002-10-25 14:02 . 2008-11-29 01:10 11197 ----a-w- c:\program files\UNWISE.INI
2002-07-26 21:02 . 2008-11-29 01:10 153088 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-29 64048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-07-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
Network Monitoring Tray.lnk - c:\windows\LTSVC\LTTray.exe [2009-4-22 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3958591771-1126899415-3006480088-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7C154DA9-96B9-4480-91C3-8FC2F9E01536}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3BD5CE79-4436-4204-921D-1B8E51162E77}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0A22178B-C5CD-4868-A8BA-B91A7681A0E9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ACE79C0C-21A9-4443-8313-E2B400B9DBD3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{167BE05E-A65C-476A-A01B-C3B1D78BD124}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A9AAFC9D-2385-4528-8147-2519D1E2E1D5}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FA68AEC2-F352-4337-AB0D-991D8FB54BD9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EB15CD0A-D009-44CE-8D41-FBCFEB5A258F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{505D8E7A-4BB1-4FD4-A73E-02A96164BEF3}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{654E0CEE-A297-4719-8778-E49A092A41E8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F87F295F-D795-4C1B-98E2-E0955B847972}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7B247066-E8AC-4016-A7F5-F3630CA7E4E4}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{2EABEA6B-73BF-446A-8DC8-B255652F4D6B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CC729256-DA9F-44C5-A9B5-4B9F998E636C}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{E1FAFD41-C7BF-45FD-920F-67FA51F44337}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{3ABAD78C-05F7-4619-8CA3-739C26E03466}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A85F20C8-3066-4078-950F-E813E3719505}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BE125A03-74A0-45D2-BD91-E54CD9C912E3}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{291828A2-3AB2-497C-AAAE-F478DCA1B19E}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{11404974-2A62-407A-A39D-A54831E2E211}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{257038C4-4CF1-4BE8-B661-8088A92B2DAF}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{5683661D-BA0F-4D65-BB13-ED813963C381}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{E2B569E8-E927-4CA8-8F74-72FB7BBF7569}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{3C0BACDA-73B9-4208-AC1D-58BF4DAEC73C}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{BCABF9FE-5028-4779-A3B3-38B4839510CD}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{C5988953-5A62-4229-8B28-001199BC98E5}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"{150B576A-7F2E-4C95-9071-742B152352E0}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{64DC54EE-4E49-4E34-9606-74C706C0EBCC}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{801B2BC8-C9DC-4754-9FC3-C57B5F4AB033}c:\\program files\\steam\\steamapps\\carpenoctum319\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\carpenoctum319\counter-strike source\hl2.exe:hl2
"UDP Query User{F4D26217-C3B0-4895-99E5-E994B3AF308E}c:\\program files\\steam\\steamapps\\carpenoctum319\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\carpenoctum319\counter-strike source\hl2.exe:hl2
"TCP Query User{0D49E10D-EC5B-4656-B184-BFA7C3D4240A}c:\\program files\\steam\\steamapps\\carpenoctum319\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\carpenoctum319\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{40848A26-C91C-4692-8A7A-465FE1E6E3FE}c:\\program files\\steam\\steamapps\\carpenoctum319\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\carpenoctum319\half-life 2 deathmatch\hl2.exe:hl2
"{AC022B66-6B39-41C5-8F50-6AAA9FFEDEA0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F803E459-5EBA-4884-BA34-FC2610805F6B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A229AEBE-424F-4A9F-8219-4248081AF9F5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7CF89123-7FFE-40A2-A7E7-1E2154EE99D2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{CF7F479C-DF5C-4B9F-A0D3-19F37987AB75}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{4A0AECE0-16D9-49B3-ADC6-22289156E8DA}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{1AF57C22-E449-44D9-A842-CE6C0AA61D84}c:\\program files\\eclipse\\eclipse.exe"= UDP:c:\program files\eclipse\eclipse.exe:eclipse
"UDP Query User{46006C01-3978-4269-B96D-D30D15F55063}c:\\program files\\eclipse\\eclipse.exe"= TCP:c:\program files\eclipse\eclipse.exe:eclipse
"{E5639647-68F6-416D-99BF-75C4DF80BD9A}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{C2F477DF-875D-45CB-97F5-6A0299EDC36E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{D530270E-08EF-4014-9AA4-CFF9AE0AD947}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{5F63CC25-612A-41CE-864E-5CED2977F459}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{22F0C051-E72E-43D8-AF57-58298F24173A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{180D498F-D31C-4E55-8F3D-23B6CC2610BD}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{2CA1A1F9-BC04-40D8-8202-A5E0748B4B4C}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{DEC797D8-20F2-4DF7-A6FF-FFAC535FECCD}c:\\program files\\torque game engine demo\\demo.exe"= UDP:c:\program files\torque game engine demo\demo.exe:demo
"UDP Query User{A518F63E-FA2E-4DB6-AFBD-89E18B6106BE}c:\\program files\\torque game engine demo\\demo.exe"= TCP:c:\program files\torque game engine demo\demo.exe:demo
"TCP Query User{CEBA2B90-308C-43C7-B2B1-E2678B052155}c:\\xampp\\apache\\bin\\apache.exe"= UDP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{B97F55FF-C38A-4F26-A78A-DA1A40A3F74A}c:\\xampp\\apache\\bin\\apache.exe"= TCP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{02FEAEB1-6154-4BE5-A456-685E7DF12AF7}c:\\xampp\\mysql\\bin\\mysqld.exe"= UDP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{6F4D13FA-B907-49C2-8877-ED78A54A8382}c:\\xampp\\mysql\\bin\\mysqld.exe"= TCP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"TCP Query User{80E9F7E1-E234-4F89-AD59-3BB3CE6B9966}c:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= UDP:c:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner2008
"UDP Query User{22EA4F66-C377-4D31-943A-3070F71E857F}c:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= TCP:c:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner2008
"TCP Query User{B7BD7AF3-C00E-4DAF-B6D2-7F6B0AE98B50}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{85C96C69-7BA6-4D37-9965-7996C746CFBB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E183F825-3220-4E1C-9BB6-27654D0072ED}"= UDP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module
"{389BCAEB-4BF8-49AA-9DEE-E0370E838D92}"= TCP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module
"{F0A333B8-7BCB-4F71-AD83-71F241BDD0DE}"= UDP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"{33BA8516-6F1B-408C-AB39-AFA851ADAFFB}"= TCP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"TCP Query User{B5D455B3-A4B5-436B-8BB7-DA6B09744167}c:\\program files\\steam\\steamapps\\carpenoctum319\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\carpenoctum319\source sdk base\hl2.exe:hl2
"UDP Query User{7EED8399-8E53-4A9C-8415-F929086DC6FD}c:\\program files\\steam\\steamapps\\carpenoctum319\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\carpenoctum319\source sdk base\hl2.exe:hl2
"TCP Query User{E7E24832-4E4A-4A66-B5C3-497E66957253}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{063D21C6-F560-47F2-9336-D29A2D5A5E80}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"{9AA045E5-7B9D-41B1-8310-C5D913CFFC20}"= UDP:c:\program files\CCFile\ccfile.exe:CCFile
"{76A7B4A9-11E9-4BCC-BA4B-7391A298C6E5}"= TCP:c:\program files\CCFile\ccfile.exe:CCFile
"{38909F9A-AF83-45CF-8667-5634230F395E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2676C7E1-2168-4FB3-818A-9D75975CF212}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6B65DC03-5DEF-4DDA-BA9F-3B60D1D744F5}"= UDP:c:\program files\Steam\SteamApps\common\geometry wars\GeometryWars.exe:Geometry Wars
"{06699FA1-117F-49CE-8A73-33BB9E5D466A}"= TCP:c:\program files\Steam\SteamApps\common\geometry wars\GeometryWars.exe:Geometry Wars
"TCP Query User{83DA0233-C200-4552-BA87-559C4773DA56}c:\\worms armageddon\\wa.exe"= UDP:c:\worms armageddon\wa.exe:Worms Armageddon
"UDP Query User{F2314B2E-B9B5-4420-B618-5E7E3E50DBD2}c:\\worms armageddon\\wa.exe"= TCP:c:\worms armageddon\wa.exe:Worms Armageddon
"{714B7C88-ADC5-49E9-A392-7AD4B023A255}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{944C3344-5230-4986-BD23-817A5585E39E}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{C7E9FDFF-FA64-49BC-BF24-14A65846BD8E}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{376DCA30-59C9-4EFF-9689-A10348EC5E5D}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{40E4D570-07E5-4C85-80F2-50D923DD4323}c:\\program files\\xchat\\xchat.exe"= UDP:c:\program files\xchat\xchat.exe:XChat IRC Client
"UDP Query User{F0E851D2-9BAA-4858-93DB-EAD06C553B90}c:\\program files\\xchat\\xchat.exe"= TCP:c:\program files\xchat\xchat.exe:XChat IRC Client
"TCP Query User{996E9420-6C82-4D4B-8A6B-6CD95B0323D1}c:\\windows\\system32\\javaw.exe"= UDP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{AC2D289F-4520-486B-906D-AECB64F96C91}c:\\windows\\system32\\javaw.exe"= TCP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"{4571E4D8-28AB-44B3-93B8-253C544AC574}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{03ABA3B7-64DE-4AA6-B42B-BCF3A30287DA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{86618C97-3D61-4E24-A85C-35725B787170}c:\\program files\\labtech client\\ltclient.exe"= UDP:c:\program files\labtech client\ltclient.exe:LTClient
"UDP Query User{7A6D1D12-5D3C-4C8B-8B6D-CF954FAC2C40}c:\\program files\\labtech client\\ltclient.exe"= TCP:c:\program files\labtech client\ltclient.exe:LTClient
"TCP Query User{12FE33EF-DB63-414A-9DD3-C2EC0AE15643}c:\\accsdk_win32_1_6_8\\dist\\release\\accbuddy.exe"= UDP:c:\accsdk_win32_1_6_8\dist\release\accbuddy.exe:AccBuddy Sample Application
"UDP Query User{4119EC3C-8A30-4A11-AE1F-119F7A706500}c:\\accsdk_win32_1_6_8\\dist\\release\\accbuddy.exe"= TCP:c:\accsdk_win32_1_6_8\dist\release\accbuddy.exe:AccBuddy Sample Application
"TCP Query User{4033AAB6-C154-4002-B67A-15DE80E5FE28}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{239F2AF2-D097-4060-B67A-54C5B98913DC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{ADC6B8E6-6B9C-4366-A7AA-B0912EF4DAA3}c:\\users\\philip\\appdata\\local\\temp\\rarsfx0\\windows utilities\\installer32\\installationmanager.exe"= UDP:c:\users\philip\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe:installationmanager.exe
"UDP Query User{E5EF110D-8512-47C3-A57D-3269C56093FD}c:\\users\\philip\\appdata\\local\\temp\\rarsfx0\\windows utilities\\installer32\\installationmanager.exe"= TCP:c:\users\philip\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe:installationmanager.exe
"TCP Query User{9860E65A-9432-44A8-9B0F-83687E9DE417}c:\\xampp\\apache\\bin\\apache.exe"= UDP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{66B44BAB-533F-4929-80C9-66369222AC8F}c:\\xampp\\apache\\bin\\apache.exe"= TCP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{D2C65975-9F06-4D7D-A7B7-449766923317}c:\\xampp\\mysql\\bin\\mysqld.exe"= UDP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{FB39A351-4C19-4C4C-A2CC-8BE1242A5E93}c:\\xampp\\mysql\\bin\\mysqld.exe"= TCP:c:\xampp\mysql\bin\mysqld.exe:mysqld

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [6/15/2009 11:37 AM 28544]
R2 CALoadService;CALoadService;c:\program files\AMD\CodeAnalyst\bin\CALoadService.exe [10/30/2008 4:07 PM 65536]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [12/13/2007 11:07 AM 18944]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [1/22/2009 5:31 AM 185640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/11/2008 9:51 PM 24652]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [10/29/2008 12:01 AM 54960]
R3 CAPROF;CAPROF;c:\program files\AMD\CodeAnalyst\bin\caprof.sys [10/30/2008 4:01 PM 47160]
S2 gupdate1c9f0e262a2b55a;Google Update Service (gupdate1c9f0e262a2b55a);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2009 9:32 AM 133104]
S3 PL-40R;CASIO USB MIDI;c:\windows\System32\drivers\pl40rwdm.sys [1/6/2005 6:10 AM 18048]
S4 LTService;Liberteks;c:\windows\LTSvc\LTSVC.exe -sLTService --> c:\windows\LTSvc\LTSVC.exe -sLTService [?]
S4 LTSvcMon;Liberteks CheckUp Util;c:\windows\LTSVC\LTSvcMon.exe [6/10/2009 12:25 PM 86017]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 20:41]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 13:32]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 13:32]

2009-07-01 c:\windows\Tasks\HPCeeScheduleForPhilip.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-02-29 19:58]

2009-07-02 c:\windows\Tasks\User_Feed_Synchronization-{3B7FE522-F7F9-4C5D-A81E-F5A71EFD17B3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
Trusted Zone: dyndns.biz\liberteks
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 08:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-02 8:27
ComboFix-quarantined-files.txt 2009-07-02 12:27

Pre-Run: 62,214,090,752 bytes free
Post-Run: 62,254,080,000 bytes free

1128 --- E O F --- 2009-06-29 19:12


HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:30:42: AM, on 7/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: LastClosedTab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Network Monitoring Tray.lnk = C:\Windows\LTSVC\LTTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Open Last Closed Tab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: liberteks.dyndns.biz (HKLM)
O15 - Trusted IP range: 192.168.1.125 (HKLM)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/res.../wlscctrl2.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CALoadService - Advanced Micro Devices - C:\Program Files\AMD\CodeAnalyst\bin\CALoadService.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9f0e262a2b55a) (gupdate1c9f0e262a2b55a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10333 bytes
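As an added example, not part of this thread and not HijackThis's own code, here is a small Python triage script that applies the same criteria the reply below uses to pick its "Fix checked" entries: registrations whose target file is gone, O15 trusted-zone entries, O1 hosts overrides, and empty leftover values. The sample lines are copied from the HJT log above; the category names and the script itself are my own.

```python
"""Triage of HijackThis (HJT) log lines.

Added example: given HJT entries like the ones posted above, sort them into
(a) orphaned entries whose target file is gone, (b) entries that widen browser
trust (O15 Trusted Zone / Trusted IP range), (c) hosts-file overrides (O1),
and (d) empty leftover values (R0 with no value, O13 Gopher Prefix with none).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HJT lines posted above (raw string, so
# the Windows backslashes are kept as-is).
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LastClosedTab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O9 - Extra button: Open Last Closed Tab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: liberteks.dyndns.biz (HKLM)
O15 - Trusted IP range: 192.168.1.125 (HKLM)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HJT entry starts with its section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# HJT prints these markers when the DLL/EXE behind a registration no longer exists.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    kind: str    # HJT section code, e.g. "O2"
    reason: str  # why the entry was flagged
    line: str    # the original log line


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for an HJT line that deserves review, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # running-process list, headers, blank lines
    kind, body = m.group("kind"), m.group("body")
    # (a) Leftover registrations: nothing to load, but the hook is still registered.
    if any(marker in body for marker in ORPHAN_MARKERS):
        return Finding(kind, "orphaned entry (target file missing)", line)
    # (b) Trusted Zone / IP range entries lower IE security for that host.
    if kind == "O15":
        return Finding(kind, "trusted zone or IP range widens browser trust", line)
    # (c) Hosts-file entries override DNS and are a classic redirect mechanism.
    if kind == "O1":
        return Finding(kind, "hosts file override", line)
    # (d) A setting whose value is empty is a stale leftover worth clearing.
    if body.rstrip().endswith((":", "=")):
        return Finding(kind, "empty value (stale setting)", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of an HJT log and keep the hits."""
    return [f for f in (classify(ln) for ln in log_text.splitlines()) if f]


def reason_counts(findings: List[Finding]) -> dict:
    """Count findings per reason, for a quick summary."""
    counts: dict = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.kind}] {f.reason}: {f.line}")
    print(reason_counts(hits))
```

Entries the script leaves alone (the Adobe BHO, the O4 Run items, the O23 services) are exactly the ones the reply below does not ask to fix; whether a flagged entry is really unwanted still needs a human look, which is why it reports a reason rather than deleting anything.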
Old 07-02-2009, 08:43 AM   #5 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,092
OS: XP


Re: Redirect Virus

Hello again

I see you have VM Player installed. If you are going to do any risky surfing/downloading, it should be done inside the VM Player; there should be no excuse for having this amount of infections present, especially with VM Player installed.

========

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (if they still exist; make sure you do not miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: LastClosedTab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O9 - Extra button: Open Last Closed Tab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: liberteks.dyndns.biz (HKLM)
O15 - Trusted IP range: 192.168.1.125 (HKLM)


Please remember to close all other windows, including browsers then click Fix checked.


========

P2P

P2P - I see you have P2P software (BitTorrent and DNA) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk of these programs are Here,
Here and Here.

=========


Click Start> Control Panel>Programs>Program and Features and uninstall the following programs:

Viewpoint Media Player <--- Viewpoint is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here

=========

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\program files\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy
c:\programdata\WildTangent

File::
c:\users\Philip\AppData\Roaming\SetValue.bat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
Save this as CFscript

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

=========

JAVA OUTDATED


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

=========

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

=========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**
This animation will guide you through the process:

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

========
Logs Required
C:\Combofix.txt
Kaspersky Scan Report


An update on how your system is running.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
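The list above is the kind of thing a helper triages by eye. As an added example (not part of the post, and not HijackThis's own logic), here is a small Python triage of HijackThis lines that applies the rules behind that list: O2/O3/O9 registrations whose file HijackThis reports as missing are orphans and safe to fix; O15 entries add hosts to Internet Explorer's Trusted sites zone, which gets relaxed security settings, so they deserve a look; an O1 hosts-file line that sends a real domain anywhere other than loopback is a hijack, while loopback mappings such as `::1 localhost` (the IPv6 loopback, present in Vista's default hosts file) are benign even though HijackThis lists them, so fixing that line is harmless; and an O23 service listed with "Unknown owner" carries no publisher information. The sample input reuses lines quoted in this thread plus two constructed lines (the hosts entry for www.google.com and the "Example Helper" BHO); the verdict names are my own.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log: entries quoted in this thread, plus two made-up lines
# (the 203.0.113.5 hosts entry and the "Example Helper" BHO) to exercise the
# hijack and benign-BHO paths. 203.0.113.0/24 is a documentation range.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.google.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: LastClosedTab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - c:\program files\example\helper.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O9 - Extra button: Open Last Closed Tab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - mscoree.dll (file missing)
O15 - Trusted Zone: liberteks.dyndns.biz (HKLM)
O15 - Trusted IP range: 192.168.1.125 (HKLM)
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    verdict: str   # "orphan" (safe to fix), "hijack" (fix now) or "review" (check by hand)
    reason: str
    line: str


LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<addr>\S+)\s+(?P<name>\S+)")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def _is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1; anything unparseable counts as not loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis log line, or return None if it needs no action."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    # A CLSID still registered in the registry but whose DLL is gone does nothing
    # except clutter; HijackThis marks these "(no file)" or "(file missing)".
    if sec in ("O2", "O3", "O9") and ("(no file)" in body or "(file missing)" in body):
        return Finding(sec, "orphan", "registered component has no file on disk", line)
    if sec == "O1":
        h = HOSTS_RE.match(body)
        if h and not _is_loopback(h.group("addr")):
            return Finding(sec, "hijack",
                           f"hosts file sends {h.group('name')} to {h.group('addr')}", line)
        return None  # loopback mappings such as '::1 localhost' are harmless
    if sec == "O15":
        # Trusted sites zone: IE applies weaker settings (ActiveX, scripting) to these hosts.
        return Finding(sec, "review", "host added to IE Trusted sites zone", line)
    if sec == "O23":
        s = SERVICE_RE.match(body)
        if s and s.group("owner").lower() == "unknown owner":
            return Finding(sec, "review", "service binary has no publisher information", line)
    return None


def triage(log: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the lines that need action."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.verdict:7} {f.section:4} {f.reason}: {f.line}")
```

The hosts-file rule is the one worth keeping in mind when a search-redirect complaint comes in: a hijacked hosts entry or a Trusted-zone addition survives a browser reinstall, so it is checked explicitly rather than left to the antivirus scan.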
07-02-2009, 03:50 PM   #6
theMadHatter (Registered User)
Join Date: Apr 2006
Location: Duanesburg, ny
Posts: 21
OS: Vista Ultimate 64 bit

Re: Redirect Virus

The combofix log is attached because it would have taken five posts to fit it in.

The redirects seem to have stopped working.
Thanks very much.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 2, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 02, 2009 18:08:15
Records in database: 2415233
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 318341
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:53:47

No malware has been detected. The scan area is clean.

The selected area was scanned.
Attached Files: ComboFix.txt (498.7 KB)
07-02-2009, 04:13 PM   #7
TheBruce1 (Moderator, Analyst, Security Team)
Join Date: Oct 2006
Location: Dùn Èideann, Scotland
Posts: 5,092
OS: XP

Re: Redirect Virus

Hello again

If you have removed DNA and BitTorrent, then delete these folders in blue (if present):

c:\program files\DNA
c:\users\Philip\AppData\Roaming\DNA
c:\program files\BitTorrent
c:\users\Philip\AppData\Roaming\BitTorrent


Let me know if you have removed DNA/Bittorrent.

=========

Open notepad and copy/paste the text in the quotebox below into it:

Code:
Driver::
Viewpoint Manager Service

Folder::
c:\program files\Viewpoint
c:\programdata\Viewpoint

FileLook::
c:\program files\CCFile\ccfile.exe

DDS::
uInternet Settings,ProxyOverride = *.local
Save this as CFscript

caprof.sys

Referring to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.

Post the C:\Combofix.txt in your reply.
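Both CFscripts in this thread (the one in the reply above and the earlier Folder::/File::/Registry:: one) come with the warning that a script written for one machine can damage another. As an added example, not from the post and not ComboFix's own code, here is a small Python pre-flight checker for that format: it splits a script into its `Folder::`, `File::`, `Registry::`, `Driver::`, `FileLook::` and `DDS::` directives, lists every destructive action so you can eyeball it before dragging the file onto ComboFix, and rejects malformed registry lines, relative paths, or a `Folder::` entry that would wipe a system or profile root. The directive set and the danger heuristics are my assumptions; ComboFix's real grammar is undocumented and this is not its parser.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Directive names I know ComboFix accepts in a CFScript (assumption: ComboFix's
# own grammar is looser than this; unknown names are warned about, not rejected).
KNOWN_SECTIONS = {"File", "Folder", "Registry", "Driver", "FileLook", "DDS",
                  "KillAll", "NetSvc", "Rootkit", "Reboot", "DirLook", "FCopy", "Collect"}
HIVES = {"HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG", "HKLM", "HKCU", "HKCR", "HKU"}
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(-?)([^\\\]]+)(\\.*)?\]$")   # [HIVE\path] or [-HIVE\path] (delete)
VALUE_RE = re.compile(r'^"[^"]*"=(.*)$')              # "Name"=data ; "Name"=- deletes the value
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# The two scripts posted in this thread, reproduced as sample input.
SCRIPT_POST5 = r"""
Folder::
c:\program files\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy
c:\programdata\WildTangent

File::
c:\users\Philip\AppData\Roaming\SetValue.bat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"""
SCRIPT_POST7 = r"""
Driver::
Viewpoint Manager Service

Folder::
c:\program files\Viewpoint
c:\programdata\Viewpoint

FileLook::
c:\program files\CCFile\ccfile.exe

DDS::
uInternet Settings,ProxyOverride = *.local
"""


@dataclass
class CfScript:
    sections: Dict[str, List[str]] = field(default_factory=dict)
    deletions: List[str] = field(default_factory=list)  # destructive actions, for eyeballing
    warnings: List[str] = field(default_factory=list)   # well-formed but suspicious
    errors: List[str] = field(default_factory=list)     # malformed; do not run


def _shallow_or_system(path: str) -> bool:
    """Heuristic (my assumption): a folder this close to the root is never a malware dir."""
    parts = [p for p in path[3:].split("\\") if p]      # drop the "c:\" prefix
    low = [p.lower() for p in parts]
    if len(parts) < 2:                                   # drive root, c:\windows, c:\program files
        return True
    if low[:2] == ["windows", "system32"] and len(parts) == 2:
        return True
    if low[0] == "users" and len(parts) == 2:            # a whole user profile
        return True
    return False


def parse_cfscript(text: str) -> CfScript:
    s = CfScript()
    section = None
    key_open = False   # a Registry:: value line only makes sense under a [key]
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            key_open = False
            s.sections.setdefault(section, [])
            if section not in KNOWN_SECTIONS:
                s.warnings.append(f"line {n}: unknown directive {section}::")
            continue
        if section is None:
            s.errors.append(f"line {n}: entry before any directive: {line}")
            continue
        s.sections[section].append(line)
        if section in ("File", "Folder", "FileLook"):
            if not ABS_PATH_RE.match(line):
                s.errors.append(f"line {n}: not an absolute path: {line}")
            elif section == "Folder" and _shallow_or_system(line):
                s.warnings.append(f"line {n}: Folder:: would remove a system or profile root: {line}")
            if section != "FileLook":                    # FileLook only reports on the file
                s.deletions.append(f"{section}: {line}")
        elif section == "Registry":
            k, v = KEY_RE.match(line), VALUE_RE.match(line)
            if k:
                key_open = True
                if k.group(2).upper() not in HIVES:
                    s.errors.append(f"line {n}: unknown hive in {line}")
                if k.group(1) == "-":
                    s.deletions.append(f"Registry key: {k.group(2)}{k.group(3) or ''}")
            elif v:
                if not key_open:
                    s.errors.append(f"line {n}: value outside any [key]: {line}")
                elif v.group(1) == "-":
                    s.deletions.append(f"Registry value: {line}")
            else:
                s.errors.append(f"line {n}: not REGEDIT4 syntax: {line}")
        elif section == "Driver":                        # Driver:: removes the named service
            s.deletions.append(f"Driver/service: {line}")
    return s


if __name__ == "__main__":
    for name, text in (("post #5", SCRIPT_POST5), ("post #7", SCRIPT_POST7)):
        r = parse_cfscript(text)
        print(name, "deletions:", *r.deletions, "errors:", r.errors, "warnings:", r.warnings, sep="\n  ")
```

Run it over a script before executing it and read the deletions list back against the logs it was written from; an empty errors list only says the script is well-formed, not that it belongs to your machine.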
07-03-2009, 09:27 AM   #8
theMadHatter (Registered User)
Join Date: Apr 2006
Location: Duanesburg, ny
Posts: 21
OS: Vista Ultimate 64 bit

Re: Redirect Virus

I have removed DNA/Bittorrent.



ComboFix 09-07-01.04 - Philip 07/03/2009 11:04.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.2104 [GMT -4:00]
Running from: c:\users\Philip\Desktop\bru1.exe
Command switches used :: c:\users\Philip\Desktop\CFscript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\programdata\Viewpoint

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-03 15:13 . 2009-07-03 15:17 -------- d-----w- c:\users\Philip\AppData\Local\temp
2009-07-02 21:09 . 2009-07-02 21:09 -------- d-----w- c:\users\Philip\AppData\Local\AOL OCP
2009-07-02 21:08 . 2009-07-02 21:08 -------- d-----w- c:\users\Philip\AppData\Local\AOL
2009-07-02 18:49 . 2009-07-02 18:49 -------- d-----w- c:\users\Philip\AppData\Local\Apple Computer
2009-07-02 18:06 . 2009-07-02 18:07 -------- d-----w- c:\users\Philip\AppData\Local\Adobe
2009-07-01 23:27 . 2009-07-01 23:27 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-07-01 23:27 . 2009-07-01 23:27 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-07-01 23:27 . 2009-07-01 23:27 -------- d-----w- c:\program files\OpenAL
2009-06-29 19:47 . 2009-06-29 19:47 -------- d-----w- c:\program files\Fotosizer
2009-06-29 17:44 . 2009-06-30 15:39 -------- d-----w- c:\program files\Photo Viewer
2009-06-24 13:58 . 2009-06-24 13:58 -------- d-----w- c:\users\Philip\AppData\Roaming\mplayer
2009-06-24 01:27 . 2006-10-12 16:29 83504 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\TEMP\ProgUpd.dll
2009-06-22 17:57 . 2009-06-22 17:57 -------- d-----w- c:\users\Philip\AppData\Roaming\Malwarebytes
2009-06-22 17:48 . 2009-06-22 17:48 -------- d-----w- c:\program files\Trend Micro
2009-06-22 16:51 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-22 16:51 . 2009-06-22 17:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-22 16:51 . 2009-06-22 16:51 -------- d-----w- c:\programdata\Malwarebytes
2009-06-22 16:51 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-22 15:02 . 2009-06-22 15:02 -------- d-----w- c:\program files\CCleaner
2009-06-19 04:56 . 2009-06-19 05:07 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-17 16:29 . 2009-06-17 16:29 -------- d-----w- c:\users\Philip\AppData\Roaming\Xerox
2009-06-16 19:01 . 2009-06-16 19:01 -------- d-----w- c:\users\Philip\AppData\Roaming\Yahoo!
2009-06-16 19:01 . 2009-06-16 19:01 -------- d-----w- c:\users\Philip\AppData\Roaming\GrabPro
2009-06-16 19:01 . 2009-06-16 19:03 -------- d-----w- c:\users\Philip\AppData\Roaming\Orbit
2009-06-15 18:08 . 2009-06-15 19:58 -------- d-----w- c:\users\Philip\AppData\Local\LogMeIn Rescue Calling Card
2009-06-15 18:08 . 2009-06-15 18:09 -------- d-----w- c:\program files\LogMeIn Rescue Calling Card
2009-06-15 15:37 . 2008-06-19 21:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-15 15:37 . 2009-06-15 15:37 -------- d-----w- c:\program files\Panda Security
2009-06-12 21:03 . 2009-06-12 21:03 -------- d-----w- c:\program files\MagicISO
2009-06-12 18:51 . 2009-06-12 18:51 -------- d-----w- c:\users\Philip\AppData\Roaming\dvdcss
2009-06-12 18:07 . 2009-06-12 18:07 -------- d-----w- c:\users\Philip\AppData\Local\MagicSoftware
2009-06-12 18:07 . 2009-06-12 18:07 -------- d-----w- C:\MAGICDVDCOPY_TEMP
2009-06-12 18:06 . 2009-06-12 18:07 -------- d-----w- c:\users\Philip\AppData\Roaming\Vso
2009-06-12 18:06 . 2009-06-12 18:06 47360 ----a-w- c:\users\Philip\AppData\Roaming\pcouffin.sys
2009-06-12 17:51 . 2009-06-12 17:51 -------- d-----w- c:\program files\M4aMp3
2009-06-11 16:20 . 2009-06-11 16:21 -------- d-----w- c:\program files\win32dasm
2009-06-11 16:08 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-11 16:08 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-10 16:25 . 2009-06-30 12:26 -------- d-----w- c:\windows\LTSVC
2009-06-10 15:12 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-09 15:16 . 2009-06-09 15:16 -------- d-----w- c:\users\Philip\AppData\Roaming\LabTech Software
2009-06-07 22:46 . 2009-06-09 17:01 -------- d-----w- c:\program files\tsearch
2009-06-05 16:50 . 2009-01-14 19:16 -------- d-----w- C:\accsdk_win32_1_6_8
2009-06-04 21:31 . 2009-06-04 21:31 -------- d-----w- c:\users\Philip\AppData\Local\LabTech Software LLC
2009-06-04 21:15 . 2009-06-25 15:08 -------- d-----w- c:\program files\LabTech Client

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 15:16 . 2009-02-01 01:21 -------- d-----w- c:\programdata\VMware
2009-07-03 15:13 . 2008-05-01 02:51 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-03 13:33 . 2008-09-10 01:03 2242 ----a-w- c:\users\Philip\AppData\Local\DreamCalc DC4G.dat
2009-07-03 13:10 . 2008-09-28 15:38 -------- d-----w- c:\programdata\Google Updater
2009-07-02 19:09 . 2008-07-16 15:12 -------- d-----w- c:\users\Philip\AppData\Roaming\Apple Computer
2009-07-02 15:55 . 2008-12-27 20:53 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-02 15:53 . 2008-02-29 05:45 -------- d-----w- c:\program files\Java
2009-07-02 12:45 . 2009-07-02 12:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-07-01 23:59 . 2009-05-27 16:45 -------- d-----w- c:\users\Philip\AppData\Roaming\.anki
2009-06-24 01:29 . 2008-02-29 04:27 -------- d-----w- c:\program files\AIM6
2009-06-24 01:28 . 2009-06-24 01:28 -------- d-----w- c:\programdata\AOL Downloads
2009-06-23 18:37 . 2008-10-14 01:32 -------- d-----w- c:\program files\Steam
2009-06-21 20:19 . 2009-06-21 20:19 691 ----a-w- c:\users\Philip\AppData\Roaming\GetValue.vbs
2009-06-19 17:11 . 2008-08-12 02:26 7944 ----a-w- c:\users\Philip\AppData\Local\d3d9caps.dat
2009-06-19 13:35 . 2008-09-28 15:38 -------- d-----w- c:\program files\Google
2009-06-17 00:51 . 2008-07-11 13:29 -------- d-----w- c:\program files\Yahoo!
2009-06-12 21:02 . 2008-12-30 18:10 -------- d-----w- c:\program files\Xilisoft
2009-06-11 16:10 . 2008-02-29 05:15 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 14:12 . 2008-02-29 04:51 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 16:24 . 2008-07-14 01:34 -------- d-----w- c:\program files\Business Objects
2009-06-10 15:15 . 2008-07-15 23:40 27430 ----a-w- c:\users\Philip\AppData\Roaming\nvModes.dat
2009-06-09 17:00 . 2008-12-05 14:24 -------- d-----w- c:\program files\DOSBox-0.72
2009-06-09 16:41 . 2008-07-14 01:18 1715456 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-06-04 14:52 . 2009-05-26 14:07 -------- d-----w- c:\users\Philip\AppData\Roaming\mIRC
2009-06-02 13:56 . 2009-06-02 13:56 -------- d-----w- c:\program files\iTunes
2009-06-02 13:56 . 2009-06-02 13:56 -------- d-----w- c:\program files\iPod
2009-06-02 13:56 . 2008-07-16 15:09 -------- d-----w- c:\program files\Common Files\Apple
2009-06-02 13:56 . 2008-07-16 15:10 -------- d-----w- c:\programdata\Apple Computer
2009-06-02 13:54 . 2009-06-02 13:53 -------- d-----w- c:\program files\QuickTime
2009-06-02 13:46 . 2009-06-02 13:46 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 14:23 . 2008-07-11 13:35 122784 ----a-w- c:\users\Philip\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 11:52 . 2009-06-01 11:52 -------- d-----w- c:\users\Philip\AppData\Roaming\Sibelius Software
2009-06-01 11:52 . 2009-06-01 11:52 -------- d-----w- c:\program files\Musicnotes
2009-05-27 18:52 . 2009-05-27 18:52 -------- d-----w- c:\users\Philip\AppData\Roaming\.matplotlib
2009-05-27 16:44 . 2009-05-27 16:44 -------- d-----w- c:\program files\Anki
2009-05-26 14:36 . 2009-05-26 14:30 -------- d-----w- c:\users\Philip\AppData\Roaming\leafChat
2009-05-26 14:24 . 2009-05-26 14:20 -------- d-----w- c:\users\Philip\AppData\Roaming\X-Chat 2
2009-05-22 22:09 . 2009-05-22 22:09 127877 ----a-w- c:\users\Philip\AppData\Roaming\Move Networks\uninstall.exe
2009-05-22 22:09 . 2009-05-22 22:09 -------- d-----w- c:\users\Philip\AppData\Roaming\Move Networks
2009-05-22 22:09 . 2009-05-01 06:30 4183416 ----a-w- c:\users\Philip\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
2009-05-19 12:48 . 2008-10-14 01:52 -------- d-----w- c:\program files\Common Files\Steam
2009-05-19 05:36 . 2009-06-24 01:28 2884832 ----a-w- c:\programdata\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-24 01:28 28 ----a-w- c:\programdata\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-24 01:28 1484856 ----a-w- c:\programdata\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-24 01:28 97072 ----a-w- c:\programdata\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-24 01:28 25 ----a-w- c:\programdata\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-24 01:28 142040 ----a-w- c:\programdata\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-24 01:28 30512 ----a-w- c:\programdata\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-24 01:28 111920 ----a-w- c:\programdata\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-17 14:19 . 2008-05-01 03:20 -------- d-----w- c:\programdata\NVIDIA
2009-05-16 01:40 . 2008-10-19 00:52 -------- d-----w- c:\users\Philip\AppData\Roaming\Hamachi
2009-05-15 11:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-10 22:36 . 2009-04-02 20:42 10134 ----a-r- c:\users\Philip\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-05-09 21:49 . 2008-07-16 14:13 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-09 05:50 . 2009-06-10 15:13 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 15:13 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 21:47 . 2008-07-14 01:25 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\users\Philip\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-23 12:42 . 2009-06-10 15:13 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 15:13 2033152 ----a-w- c:\windows\system32\win32k.sys
2002-10-25 14:02 . 2008-11-29 01:10 11197 ----a-w- c:\program files\UNWISE.INI
2002-07-26 21:02 . 2008-11-29 01:10 153088 ----a-w- c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((( SnapShot@2009-07-02_12.24.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-03 15:01 65928 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-11 13:23 . 2009-07-03 15:17 17276 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3958591771-1126899415-3006480088-1000_UserData.bin
- 2008-07-11 13:16 . 2009-07-02 12:04 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-11 13:16 . 2009-07-03 15:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-11 13:16 . 2009-07-03 15:13 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-11 13:16 . 2009-07-02 12:04 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-11 13:16 . 2009-07-03 15:13 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-11 13:16 . 2009-07-02 12:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:25 . 2009-06-17 16:27 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-07-02 13:24 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-06-17 16:27 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-07-02 13:24 51200 c:\windows\inf\infpub.dat
+ 2009-07-03 15:15 . 2009-07-03 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-02 12:05 . 2009-07-02 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-03 15:15 . 2009-07-03 15:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-02 12:05 . 2009-07-02 12:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-07-03 15:17 117656 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-04-07 21:02 . 2009-03-09 09:19 148888 c:\windows\System32\javaws.exe
+ 2009-07-02 15:55 . 2009-07-02 15:55 148888 c:\windows\System32\javaws.exe
- 2009-04-07 21:02 . 2009-03-09 09:19 144792 c:\windows\System32\javaw.exe
+ 2009-07-02 15:55 . 2009-07-02 15:55 144792 c:\windows\System32\javaw.exe
- 2009-04-07 21:02 . 2009-03-09 09:19 144792 c:\windows\System32\java.exe
+ 2009-07-02 15:55 . 2009-07-02 15:55 144792 c:\windows\System32\java.exe
- 2009-01-31 05:49 . 2009-07-02 12:04 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-01-31 05:49 . 2009-07-03 15:13 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 10:25 . 2009-06-17 16:27 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-07-02 13:24 143360 c:\windows\inf\infstrng.dat
+ 2009-07-02 15:55 . 2009-07-02 15:55 1563648 c:\windows\Installer\313049.msi
+ 2006-11-02 07:26 . 2006-11-02 09:39 15821312 c:\windows\System32\imageres2.dll
+ 2006-11-02 07:26 . 2007-02-08 22:04 15822336 c:\windows\System32\imageres.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-10-29 64048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-07-17 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-09 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]
Network Monitoring Tray.lnk - c:\windows\LTSVC\LTTray.exe [2009-4-22 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3958591771-1126899415-3006480088-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7C154DA9-96B9-4480-91C3-8FC2F9E01536}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3BD5CE79-4436-4204-921D-1B8E51162E77}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0A22178B-C5CD-4868-A8BA-B91A7681A0E9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ACE79C0C-21A9-4443-8313-E2B400B9DBD3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{167BE05E-A65C-476A-A01B-C3B1D78BD124}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A9AAFC9D-2385-4528-8147-2519D1E2E1D5}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{FA68AEC2-F352-4337-AB0D-991D8FB54BD9}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EB15CD0A-D009-44CE-8D41-FBCFEB5A258F}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{505D8E7A-4BB1-4FD4-A73E-02A96164BEF3}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{654E0CEE-A297-4719-8778-E49A092A41E8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F87F295F-D795-4C1B-98E2-E0955B847972}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7B247066-E8AC-4016-A7F5-F3630CA7E4E4}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{2EABEA6B-73BF-446A-8DC8-B255652F4D6B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CC729256-DA9F-44C5-A9B5-4B9F998E636C}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{E1FAFD41-C7BF-45FD-920F-67FA51F44337}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{3ABAD78C-05F7-4619-8CA3-739C26E03466}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A85F20C8-3066-4078-950F-E813E3719505}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BE125A03-74A0-45D2-BD91-E54CD9C912E3}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{291828A2-3AB2-497C-AAAE-F478DCA1B19E}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{11404974-2A62-407A-A39D-A54831E2E211}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{257038C4-4CF1-4BE8-B661-8088A92B2DAF}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{5683661D-BA0F-4D65-BB13-ED813963C381}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{E2B569E8-E927-4CA8-8F74-72FB7BBF7569}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{3C0BACDA-73B9-4208-AC1D-58BF4DAEC73C}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{BCABF9FE-5028-4779-A3B3-38B4839510CD}c:\\program files\\ea games\\mohaa\\mohaa.exe"= UDP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"UDP Query User{C5988953-5A62-4229-8B28-001199BC98E5}c:\\program files\\ea games\\mohaa\\mohaa.exe"= TCP:c:\program files\ea games\mohaa\mohaa.exe:Medal of Honor Allied Assault
"{150B576A-7F2E-4C95-9071-742B152352E0}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{64DC54EE-4E49-4E34-9606-74C706C0EBCC}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{801B2BC8-C9DC-4754-9FC3-C57B5F4AB033}c:\\program files\\steam\\steamapps\\carpenoctum319\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\carpenoctum319\counter-strike source\hl2.exe:hl2
"UDP Query User{F4D26217-C3B0-4895-99E5-E994B3AF308E}c:\\program files\\steam\\steamapps\\carpenoctum319\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\carpenoctum319\counter-strike source\hl2.exe:hl2
"TCP Query User{0D49E10D-EC5B-4656-B184-BFA7C3D4240A}c:\\program files\\steam\\steamapps\\carpenoctum319\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\carpenoctum319\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{40848A26-C91C-4692-8A7A-465FE1E6E3FE}c:\\program files\\steam\\steamapps\\carpenoctum319\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\carpenoctum319\half-life 2 deathmatch\hl2.exe:hl2
"{AC022B66-6B39-41C5-8F50-6AAA9FFEDEA0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F803E459-5EBA-4884-BA34-FC2610805F6B}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A229AEBE-424F-4A9F-8219-4248081AF9F5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7CF89123-7FFE-40A2-A7E7-1E2154EE99D2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{CF7F479C-DF5C-4B9F-A0D3-19F37987AB75}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{4A0AECE0-16D9-49B3-ADC6-22289156E8DA}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{1AF57C22-E449-44D9-A842-CE6C0AA61D84}c:\\program files\\eclipse\\eclipse.exe"= UDP:c:\program files\eclipse\eclipse.exe:eclipse
"UDP Query User{46006C01-3978-4269-B96D-D30D15F55063}c:\\program files\\eclipse\\eclipse.exe"= TCP:c:\program files\eclipse\eclipse.exe:eclipse
"{D530270E-08EF-4014-9AA4-CFF9AE0AD947}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{5F63CC25-612A-41CE-864E-5CED2977F459}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{22F0C051-E72E-43D8-AF57-58298F24173A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{180D498F-D31C-4E55-8F3D-23B6CC2610BD}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{2CA1A1F9-BC04-40D8-8202-A5E0748B4B4C}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{DEC797D8-20F2-4DF7-A6FF-FFAC535FECCD}c:\\program files\\torque game engine demo\\demo.exe"= UDP:c:\program files\torque game engine demo\demo.exe:demo
"UDP Query User{A518F63E-FA2E-4DB6-AFBD-89E18B6106BE}c:\\program files\\torque game engine demo\\demo.exe"= TCP:c:\program files\torque game engine demo\demo.exe:demo
"TCP Query User{CEBA2B90-308C-43C7-B2B1-E2678B052155}c:\\xampp\\apache\\bin\\apache.exe"= UDP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{B97F55FF-C38A-4F26-A78A-DA1A40A3F74A}c:\\xampp\\apache\\bin\\apache.exe"= TCP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{02FEAEB1-6154-4BE5-A456-685E7DF12AF7}c:\\xampp\\mysql\\bin\\mysqld.exe"= UDP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{6F4D13FA-B907-49C2-8877-ED78A54A8382}c:\\xampp\\mysql\\bin\\mysqld.exe"= TCP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"TCP Query User{80E9F7E1-E234-4F89-AD59-3BB3CE6B9966}c:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= UDP:c:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner2008
"UDP Query User{22EA4F66-C377-4D31-943A-3070F71E857F}c:\\program files\\phpdesigner 2008\\phpdesigner2008.exe"= TCP:c:\program files\phpdesigner 2008\phpdesigner2008.exe:phpDesigner2008
"TCP Query User{B7BD7AF3-C00E-4DAF-B6D2-7F6B0AE98B50}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{85C96C69-7BA6-4D37-9965-7996C746CFBB}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E183F825-3220-4E1C-9BB6-27654D0072ED}"= UDP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module
"{389BCAEB-4BF8-49AA-9DEE-E0370E838D92}"= TCP:c:\program files\Anyplace Control 4\apc_host.exe:Anyplace Control - Host Module
"{F0A333B8-7BCB-4F71-AD83-71F241BDD0DE}"= UDP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"{33BA8516-6F1B-408C-AB39-AFA851ADAFFB}"= TCP:c:\program files\VMware\VMware Player\vmware-authd.exe:VMware Authd
"TCP Query User{B5D455B3-A4B5-436B-8BB7-DA6B09744167}c:\\program files\\steam\\steamapps\\carpenoctum319\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\carpenoctum319\source sdk base\hl2.exe:hl2
"UDP Query User{7EED8399-8E53-4A9C-8415-F929086DC6FD}c:\\program files\\steam\\steamapps\\carpenoctum319\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\carpenoctum319\source sdk base\hl2.exe:hl2
"TCP Query User{E7E24832-4E4A-4A66-B5C3-497E66957253}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{063D21C6-F560-47F2-9336-D29A2D5A5E80}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"{9AA045E5-7B9D-41B1-8310-C5D913CFFC20}"= UDP:c:\program files\CCFile\ccfile.exe:CCFile
"{76A7B4A9-11E9-4BCC-BA4B-7391A298C6E5}"= TCP:c:\program files\CCFile\ccfile.exe:CCFile
"{38909F9A-AF83-45CF-8667-5634230F395E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2676C7E1-2168-4FB3-818A-9D75975CF212}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6B65DC03-5DEF-4DDA-BA9F-3B60D1D744F5}"= UDP:c:\program files\Steam\SteamApps\common\geometry wars\GeometryWars.exe:Geometry Wars
"{06699FA1-117F-49CE-8A73-33BB9E5D466A}"= TCP:c:\program files\Steam\SteamApps\common\geometry wars\GeometryWars.exe:Geometry Wars
"TCP Query User{83DA0233-C200-4552-BA87-559C4773DA56}c:\\worms armageddon\\wa.exe"= UDP:c:\worms armageddon\wa.exe:Worms Armageddon
"UDP Query User{F2314B2E-B9B5-4420-B618-5E7E3E50DBD2}c:\\worms armageddon\\wa.exe"= TCP:c:\worms armageddon\wa.exe:Worms Armageddon
"{714B7C88-ADC5-49E9-A392-7AD4B023A255}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{944C3344-5230-4986-BD23-817A5585E39E}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{C7E9FDFF-FA64-49BC-BF24-14A65846BD8E}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{376DCA30-59C9-4EFF-9689-A10348EC5E5D}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{40E4D570-07E5-4C85-80F2-50D923DD4323}c:\\program files\\xchat\\xchat.exe"= UDP:c:\program files\xchat\xchat.exe:XChat IRC Client
"UDP Query User{F0E851D2-9BAA-4858-93DB-EAD06C553B90}c:\\program files\\xchat\\xchat.exe"= TCP:c:\program files\xchat\xchat.exe:XChat IRC Client
"TCP Query User{996E9420-6C82-4D4B-8A6B-6CD95B0323D1}c:\\windows\\system32\\javaw.exe"= UDP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{AC2D289F-4520-486B-906D-AECB64F96C91}c:\\windows\\system32\\javaw.exe"= TCP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"{4571E4D8-28AB-44B3-93B8-253C544AC574}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{03ABA3B7-64DE-4AA6-B42B-BCF3A30287DA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{86618C97-3D61-4E24-A85C-35725B787170}c:\\program files\\labtech client\\ltclient.exe"= UDP:c:\program files\labtech client\ltclient.exe:LTClient
"UDP Query User{7A6D1D12-5D3C-4C8B-8B6D-CF954FAC2C40}c:\\program files\\labtech client\\ltclient.exe"= TCP:c:\program files\labtech client\ltclient.exe:LTClient
"TCP Query User{12FE33EF-DB63-414A-9DD3-C2EC0AE15643}c:\\accsdk_win32_1_6_8\\dist\\release\\accbuddy.exe"= UDP:c:\accsdk_win32_1_6_8\dist\release\accbuddy.exe:AccBuddy Sample Application
"UDP Query User{4119EC3C-8A30-4A11-AE1F-119F7A706500}c:\\accsdk_win32_1_6_8\\dist\\release\\accbuddy.exe"= TCP:c:\accsdk_win32_1_6_8\dist\release\accbuddy.exe:AccBuddy Sample Application
"TCP Query User{4033AAB6-C154-4002-B67A-15DE80E5FE28}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{239F2AF2-D097-4060-B67A-54C5B98913DC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{ADC6B8E6-6B9C-4366-A7AA-B0912EF4DAA3}c:\\users\\philip\\appdata\\local\\temp\\rarsfx0\\windows utilities\\installer32\\installationmanager.exe"= UDP:c:\users\philip\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe:installationmanager.exe
"UDP Query User{E5EF110D-8512-47C3-A57D-3269C56093FD}c:\\users\\philip\\appdata\\local\\temp\\rarsfx0\\windows utilities\\installer32\\installationmanager.exe"= TCP:c:\users\philip\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe:installationmanager.exe
"TCP Query User{9860E65A-9432-44A8-9B0F-83687E9DE417}c:\\xampp\\apache\\bin\\apache.exe"= UDP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{66B44BAB-533F-4929-80C9-66369222AC8F}c:\\xampp\\apache\\bin\\apache.exe"= TCP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{D2C65975-9F06-4D7D-A7B7-449766923317}c:\\xampp\\mysql\\bin\\mysqld.exe"= UDP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{FB39A351-4C19-4C4C-A2CC-8BE1242A5E93}c:\\xampp\\mysql\\bin\\mysqld.exe"= TCP:c:\xampp\mysql\bin\mysqld.exe:mysqld

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [6/15/2009 11:37 AM 28544]
R2 CALoadService;CALoadService;c:\program files\AMD\CodeAnalyst\bin\CALoadService.exe [10/30/2008 4:07 PM 65536]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [12/13/2007 11:07 AM 18944]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [1/22/2009 5:31 AM 185640]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [10/29/2008 12:01 AM 54960]
R3 CAPROF;CAPROF;c:\program files\AMD\CodeAnalyst\bin\caprof.sys [10/30/2008 4:01 PM 47160]
S2 gupdate1c9f0e262a2b55a;Google Update Service (gupdate1c9f0e262a2b55a);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2009 9:32 AM 133104]
S3 PL-40R;CASIO USB MIDI;c:\windows\System32\drivers\pl40rwdm.sys [1/6/2005 6:10 AM 18048]
S4 LTService;Liberteks;c:\windows\LTSvc\LTSVC.exe -sLTService --> c:\windows\LTSvc\LTSVC.exe -sLTService [?]
S4 LTSvcMon;Liberteks CheckUp Util;c:\windows\LTSVC\LTSvcMon.exe [6/10/2009 12:25 PM 86017]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-28 20:41]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 13:32]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-19 13:32]

2009-07-01 c:\windows\Tasks\HPCeeScheduleForPhilip.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-02-29 19:58]

2009-07-03 c:\windows\Tasks\User_Feed_Synchronization-{3B7FE522-F7F9-4C5D-A81E-F5A71EFD17B3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-19 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-03 11:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5360)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\System32\rundll32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\vmnat.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\System32\vmnetdhcp.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\System32\rundll32.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
.
**************************************************************************
.
Completion time: 2009-07-03 11:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 15:25
ComboFix2.txt 2009-07-02 12:50

Pre-Run: 63,073,992,704 bytes free
Post-Run: 62,820,216,832 bytes free

446 --- E O F --- 2009-07-03 13:15
Old 07-03-2009, 09:56 AM   #9 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,092
OS: XP


Re: Redirect Virus

Hello again

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

; Full key name for what the ComboFix log abbreviates as HKLM\~\services\...
; (regedit will not merge the abbreviated form)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{291828A2-3AB2-497C-AAAE-F478DCA1B19E}"=-
"{11404974-2A62-407A-A39D-A54831E2E211}"=-
"{257038C4-4CF1-4BE8-B661-8088A92B2DAF}"=-
"{5683661D-BA0F-4D65-BB13-ED813963C381}"=-
"{150B576A-7F2E-4C95-9071-742B152352E0}"=-
"{64DC54EE-4E49-4E34-9606-74C706C0EBCC}"=-
"{D530270E-08EF-4014-9AA4-CFF9AE0AD947}"=-
"{5F63CC25-612A-41CE-864E-5CED2977F459}"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

Save the file as "Fix.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the Fix.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

=========

If there are no further issues, continue below.

=========

Delete DDS from your desktop, you can keep ATF-Cleaner if you wish... otherwise delete from desktop.

=========

Well done, your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok.

==========

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.


Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1. Click Start, Run, type sysdm.cpl, and then press OK.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended).

Microsoft updates are released every second Tuesday of each month, what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.


For Internet Explorer users:
WOT for IE

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes' Anti-Malware

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items

------------------------------------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If you're having trouble downloading & extracting, see the link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the hosts file, double-click on it and a new window will open.

Double-click on mvps.bat and follow the prompts.

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen. Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Secunia PSI is a programme that will alert you to vulnerabilities and outdated programs you have installed, such as Java, Flash Player and many more.

It can also alert you if you have not installed the latest patches from Microsoft.

==============================================

Also, please take a look at this well written article:

PC Safety and Security--What Do I Need?

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in any way, please consider Donating
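An added example (not part of this thread, and not the analyst's or ComboFix's own code) showing how the removal step above can be derived from the log rather than picked out by hand: it parses the FirewallRules lines ComboFix prints, flags rules whose target executable is gone or lived in a temp folder, and emits the same `"name"=-` REGEDIT4 script. The expanded key name, the five sample lines and the "still on disk" set are assumptions labelled in the code.

```python
import re
from typing import Dict, List, Optional, Set

# One FirewallRules line in the shapes ComboFix prints them:
#   "{GUID}"= UDP:c:\path\app.exe:Label
#   "{GUID}"= TCP:6004|c:\path\app.exe:Label        (port-restricted)
#   "{GUID}"= c:\path\app.exe:Label                 (no protocol)
#   "TCP Query User{GUID}c:\\path\\app.exe"= UDP:c:\path\app.exe:Label
RULE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?(?:(?P<port>\d+)\|)?'
    r'(?P<path>[A-Za-z]:\\[^:]*):(?P<label>.*)$'
)

# Assumption: the full key behind ComboFix's "HKLM\~\services\..." shorthand,
# which regedit itself will not accept in a .reg file.
FIREWALL_RULES_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
    r"\SharedAccess\Parameters\FirewallPolicy\FirewallRules"
)

# Constructed sample: five lines copied from the log earlier in this thread.
SAMPLE_LOG = r'''
"{291828A2-3AB2-497C-AAAE-F478DCA1B19E}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{3ABAD78C-05F7-4619-8CA3-739C26E03466}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{167BE05E-A65C-476A-A01B-C3B1D78BD124}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"TCP Query User{ADC6B8E6-6B9C-4366-A7AA-B0912EF4DAA3}c:\\users\\philip\\appdata\\local\\temp\\rarsfx0\\windows utilities\\installer32\\installationmanager.exe"= UDP:c:\users\philip\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe:installationmanager.exe
"{714B7C88-ADC5-49E9-A392-7AD4B023A255}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
'''

# Constructed scenario: only these rule targets are still on disk (DNA was
# uninstalled, the self-extracting installer in %TEMP% is gone). On a live
# machine build this set with os.path.exists() instead.
PRESENT_ON_DISK = {
    r"c:\program files\microsoft office\office12\outlook.exe",
    r"c:\program files\cyberlink\powerdirector\pdr.exe",
    r"c:\program files\mcafee\common framework\frameworkservice.exe",
}


def parse_rules(log_text: str) -> List[Dict[str, Optional[str]]]:
    """Parse the FirewallRules block of a ComboFix log into dicts."""
    matches = (RULE_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def review_rule(rule: Dict[str, Optional[str]], present_paths: Set[str]) -> List[str]:
    """Reasons a rule deserves removal or a closer look; [] means it looks fine."""
    path = rule["path"].lower()
    reasons = []
    if path not in present_paths:
        reasons.append("target executable no longer exists (stale rule)")
    if "\\appdata\\local\\temp\\" in path or "\\windows\\temp\\" in path:
        reasons.append("opens the firewall for a program that ran from a temp folder")
    return reasons


def build_deletion_reg(rules: List[Dict[str, Optional[str]]]) -> str:
    """REGEDIT4 script in the same '"name"=-' form as the analyst's Fix.reg."""
    out = ["REGEDIT4", "", f"[{FIREWALL_RULES_KEY}]"]
    # Value names already carry .reg escaping (doubled backslashes) in the log.
    out += [f'"{r["name"]}"=-' for r in rules]
    return "\n".join(out) + "\n"


def triage(log_text: str, present_paths: Set[str]):
    """Return ([(rule, reasons), ...] for flagged rules, deletion .reg text)."""
    flagged = [(r, review_rule(r, present_paths)) for r in parse_rules(log_text)]
    flagged = [(r, why) for r, why in flagged if why]
    return flagged, build_deletion_reg([r for r, _ in flagged])


if __name__ == "__main__":
    flagged_rules, reg_script = triage(SAMPLE_LOG, PRESENT_ON_DISK)
    for rule, why in flagged_rules:
        print(f'{rule["label"]}: {rule["path"]}')
        for reason in why:
            print("   -", reason)
    print(reg_script)
```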
Old 07-03-2009, 10:21 AM   #10 (permalink)
Registered User
 
 
Join Date: Apr 2006
Location: Duanesburg, ny
Posts: 21
OS: Vista Ultimate 64 bit


Re: Redirect Virus

Thank you very much!
Old 07-03-2009, 10:31 AM   #11 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 5,092
OS: XP


Re: Redirect Virus

You're welcome, take care.
Copyright 2001 - 2009, Tech Support Forum