Infected MSN messenger

This is a discussion on Infected MSN messenger within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 08-29-2009, 10:08 AM   #1
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



Original thread

https://www.techsupportforum.com/f100...sn-408731.html


My MSN messenger is sending this msg out to my friends automatically:

"http://lmageshack.info/i/picqrwa.jpg
don't click on it"
DDS (Ver_09-07-30.01) - NTFSx86
Run by master at 9:45:55.06 on Sat 08/29/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1090 [GMT -7:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\p2phost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Microsoft SQL Server\MSAS10.SS2K8\OLAP\bin\msmdsrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Microsoft SQL Server\MSRS10.SS2K8\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\fdhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\master\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-8355284605-1995916263-947694572-8816\rundll32.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
{7febefe3-6b19-4349-98d2-ffb09d4b49ca}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [StopMessengerSpam] c:\program files\stopmessengerspam\StopMessengerSpam.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\users\master\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\morpheus.lnk - c:\program files\morpheus\Morpheus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\VONGOT~1.LNK -
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: multnomah.or.us\robin.co
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://stoogetv.com/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll

============= SERVICES / DRIVERS ===============

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-16 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-16 41424]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-12-18 202592]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
R2 MSOLAP$SS2K8;SQL Server Analysis Services (SS2K8);c:\microsoft sql server\msas10.ss2k8\olap\bin\msmdsrv.exe [2008-7-10 21945368]
R2 MSSQL$SS2K8;SQL Server (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\sqlservr.exe [2008-7-10 40999448]
R2 ReportServer$SS2K8;SQL Server Reporting Services (SS2K8);c:\microsoft sql server\msrs10.ss2k8\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R3 MSSQLFDLauncher$SS2K8;SQL Full-text Filter Daemon Launcher (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\fdlauncher.exe [2008-7-10 31256]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-5 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-8-5 99472]
S3 SQLAgent$SS2K8;SQL Server Agent (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2009-08-27 18:55 <DIR> --d----- C:\hijackthis_sfx
2009-08-22 12:15 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-08-22 12:14 <DIR> --d----- c:\program files\MSECache
2009-08-18 00:33 <DIR> --d----- c:\windows\system32\WinNTDlls
2009-08-18 00:33 <DIR> --d----- c:\windows\system32\Win98Dlls
2009-08-18 00:33 <DIR> --d----- c:\program files\Microsoft Press Training Kit Exam Prep
2009-08-16 13:55 <DIR> --d----- c:\users\master\.VirtualBox
2009-08-16 13:53 115,856 a------- c:\windows\system32\drivers\VBoxDrv.sys
2009-08-16 13:53 41,424 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-08-16 13:53 <DIR> --d----- c:\program files\Sun
2009-08-11 14:00 <DIR> --d----- c:\programdata\Tencent
2009-08-11 14:00 <DIR> --d----- c:\progra~2\Tencent
2009-08-11 14:00 <DIR> --d----- c:\users\master\appdata\roaming\Tencent
2009-08-11 14:00 <DIR> --d----- C:\Download
2009-08-11 14:00 <DIR> --d----- c:\program files\Tencent
2009-08-11 00:18 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-11 00:13 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-08-11 00:13 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-08-11 00:13 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-08-11 00:13 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-08-11 00:12 <DIR> --d----- c:\windows\system32\xlive
2009-08-11 00:12 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-08-10 00:09 <DIR> --d----- c:\windows\system32\directx
2009-08-05 16:20 133,648 a------- c:\windows\system32\VBoxNetFltNotify.dll
2009-08-05 16:20 99,472 a------- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-08-05 16:20 91,472 a------- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-07-31 18:33 <DIR> --d----- C:\QvodPlayer

==================== Find3M ====================

2009-08-29 09:45 55,302 a------- c:\programdata\nvModes.dat
2009-08-29 09:45 55,302 a------- c:\progra~2\nvModes.dat
2009-08-25 16:16 51,200 a------- c:\windows\inf\infpub.dat
2009-08-25 16:16 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-16 14:01 86,016 a------- c:\windows\inf\infstor.dat
2009-06-19 01:48 54,318 a------- c:\users\master\appdata\roaming\nvModes.dat
2009-06-16 08:46 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-23 21:53 56 a---h--- c:\programdata\ezsidmv.dat
2009-04-23 21:53 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-25 20:15 174 a--sh--- c:\program files\desktop.ini
2008-06-09 21:55 691 a------- c:\users\master\appdata\roaming\GetValue.vbs
2008-06-09 21:55 35 a------- c:\users\master\appdata\roaming\SetValue.bat
2008-06-05 18:24 47 a------- c:\users\master\readme.bat
2008-05-24 02:51 262,144 a------- c:\progra~2\ntuser.dat
2008-05-23 00:30 120 a------- c:\program files\Program Files.ini
2008-03-10 14:37 32 a------- c:\programdata\ezsid.dat
2008-03-10 14:37 32 a------- c:\progra~2\ezsid.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-03-04 18:47 262,144 a------- c:\program files\unst0_0.exe

============= FINISH: 9:46:25.23 ===============
Attached Files
File Type: zip attach.zip (5.9 KB, 22 views)
 
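Editor's added example, not code from this thread, from DDS or from ComboFix: a small triage pass over lines in the format of the DDS and ComboFix logs in this thread. The entry worth pulling out of the log above is the Winlogon Shell value, which launches explorer.exe and then a second rundll32.exe from c:\recycler\s-1-5-21-8355284605-...-8816; that directory is named after an impossible SID (a subauthority value above 32 bits, which Windows never issues), and ComboFix later lists the same file under "Other Deletions". The script also flags autostarts that execute from Recycle Bin or temp directories, orphan BHOs, and the EnableFirewall=0 / DisableMonitoring=1 policy values that appear in the ComboFix log. The severity labels, the SUSPICIOUS_DIRS list and the assumption that a clean Shell value is the bare explorer.exe are the editor's; SAMPLE_LOG is a constructed excerpt assembled from lines quoted in this thread so the script runs offline.

```python
"""Triage lines from a DDS / ComboFix log for the signals visible in the
thread above: a Winlogon Shell that chains a second executable, autostarts
that run out of Recycle Bin or temp directories, Recycle Bin folders named
after impossible SIDs, orphan BHOs, and firewall / Security Center policy
values that have been switched off.

Added by the editor as an illustration; this is not code from the thread,
from DDS or from ComboFix. SAMPLE_LOG is a constructed excerpt built from
lines quoted in the thread.
"""
import re
from dataclasses import dataclass

# Directories an autostart entry should never execute from (assumption:
# this list is the editor's, matched case-insensitively as a substring).
SUSPICIOUS_DIRS = ("\\recycler\\", "\\$recycle.bin\\", "\\temp\\")

# Clean Winlogon Shell value on Vista: the bare executable name, resolved
# from system32 by the loader. Anything after a comma is a second shell.
DEFAULT_SHELL = "explorer.exe"

RE_WINLOGON_SHELL = re.compile(r"^[um]Winlogon:\s*Shell=(.*)$", re.I)
RE_AUTOSTART = re.compile(r"^(?:[um]Run|StartupFolder|BHO):", re.I)
RE_BHO_ORPHAN = re.compile(r"^BHO:.*-\s*No File$", re.I)
RE_FIREWALL_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b', re.I)
RE_MONITOR_OFF = re.compile(r'"DisableMonitoring"\s*=\s*dword:0*1$', re.I)
RE_SID = re.compile(r"S-1-5-21(?:-\d+){3,4}", re.I)


@dataclass
class Finding:
    severity: str  # "high" | "medium" | "low" (editor's own scale)
    line: str
    reason: str


def has_bogus_sid(text: str) -> bool:
    """True if text contains an S-1-5-21 SID with a subauthority that cannot
    exist: every subauthority is a 32-bit value, so anything above
    4294967295 was typed by malware, not issued by Windows."""
    return any(
        int(part) > 0xFFFFFFFF
        for sid in RE_SID.findall(text)
        for part in sid.split("-")[4:]
    )


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""  # last "[HKLM\...]" header seen, used for firewall profile names
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        low = line.lower()
        from_bad_dir = any(d in low for d in SUSPICIOUS_DIRS)

        m = RE_WINLOGON_SHELL.match(line)
        if m:
            shells = [s.strip() for s in m.group(1).split(",") if s.strip()]
            if [s.lower() for s in shells] != [DEFAULT_SHELL]:
                extra = [s for s in shells if s.lower() != DEFAULT_SHELL]
                reason = "Winlogon Shell chains extra executable(s): " + ", ".join(extra)
                if from_bad_dir:
                    reason += " (runs from a Recycle Bin/temp directory)"
                if has_bogus_sid(line):
                    reason += " (directory named after an impossible SID)"
                findings.append(Finding("high", line, reason))
            continue

        if RE_AUTOSTART.match(line) and from_bad_dir:
            reason = "autostart executes from a Recycle Bin/temp directory"
            if has_bogus_sid(line):
                reason += " (directory named after an impossible SID)"
            findings.append(Finding("high", line, reason))
        elif RE_BHO_ORPHAN.match(line):
            findings.append(Finding("low", line, "orphan BHO: CLSID registered, DLL missing"))
        elif RE_FIREWALL_OFF.search(line):
            profile = section.rsplit("\\", 1)[-1] or "unknown profile"
            findings.append(Finding("medium", line, f"Windows Firewall disabled ({profile})"))
        elif RE_MONITOR_OFF.search(line):
            findings.append(Finding("medium", line, "Security Center monitoring disabled"))
    return findings


# Constructed excerpt: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://google.com/
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-8355284605-1995916263-947694572-8816\rundll32.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the full log rather than the excerpt, the Shell check is the one to trust most: on Vista the value should be exactly explorer.exe, so any comma-separated second path is worth investigating regardless of where it points, and a SID-named folder whose numbers cannot be a real SID is a cheap tell that the folder was created by hand to look like a Recycle Bin entry.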
Old 09-05-2009, 04:35 AM   #2
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



Hi,

You seem to have P2P file sharing software installed there. Please take a moment to read this topic > https://www.techsupportforum.com/f50/...ng-305923.html

I recommend uninstalling such software.


Please visit this webpage for download links, and instructions for running ComboFix tool:

https://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.


You should also change your MSN Messenger password from a safe known computer.
Old 09-05-2009, 03:13 PM   #3
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



ComboFix 09-09-05.01 - master 09/05/2009 12:50.6.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1636 [GMT -7:00]
Running from: c:\users\master\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3741081481-2426508949-2978702852-500
c:\$recycle.bin\S-1-5-21-3941799431-3655476644-333612531-500
c:\programdata\ntuser.dat{4dd95a44-ceba-11dc-8b40-001b24f99180}.TMContainer00000000000000000001.regtrans-ms
c:\programdata\ntuser.dat{d5ea5df9-23de-11dd-9639-001b24f99180}.TMContainer00000000000000000001.regtrans-ms
c:\recycler\S-1-5-21-1888620700-2386222755-355396205-9262
c:\recycler\S-1-5-21-8355284605-1995916263-947694572-8816
c:\recycler\S-1-5-21-8355284605-1995916263-947694572-8816\Desktop.ini
c:\recycler\S-1-5-21-8355284605-1995916263-947694572-8816\rundll32.exe
c:\users\master\AppData\Roaming\bcrypt.html
c:\windows\Installer\3f853.msi
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 19:59 . 2009-09-05 19:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-02 03:56 . 2009-09-02 04:18 -------- d-----w- C:\9467e9abe9c02ab9d0bab1c6d4
2009-08-28 01:55 . 2009-08-28 02:21 -------- d-----w- C:\hijackthis_sfx
2009-08-22 19:15 . 2009-08-22 19:15 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-08-22 19:14 . 2009-08-22 19:14 -------- d-----w- c:\program files\MSECache
2009-08-18 07:33 . 2009-08-18 07:33 -------- d-----w- c:\windows\system32\WinNTDlls
2009-08-18 07:33 . 2009-08-18 07:33 -------- d-----w- c:\program files\Microsoft Press Training Kit Exam Prep
2009-08-18 07:33 . 2009-08-18 07:33 -------- d-----w- c:\windows\system32\Win98Dlls
2009-08-16 20:55 . 2009-08-16 20:58 -------- d-----w- c:\users\master\.VirtualBox
2009-08-16 20:53 . 2009-08-05 23:19 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-08-16 20:53 . 2009-08-05 23:21 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-08-16 20:53 . 2009-08-16 20:53 -------- d-----w- c:\program files\Sun
2009-08-11 21:00 . 2009-08-11 21:10 -------- d-----w- c:\programdata\Tencent
2009-08-11 21:00 . 2009-08-11 21:00 -------- d-----w- c:\users\master\AppData\Roaming\Tencent
2009-08-11 21:00 . 2009-08-11 21:00 -------- d-----w- C:\Download
2009-08-11 21:00 . 2009-08-16 08:36 -------- d-----w- c:\program files\Tencent
2009-08-11 07:13 . 2008-03-05 22:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-11 07:13 . 2008-03-05 22:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-11 07:13 . 2008-02-06 06:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-11 07:13 . 2007-04-05 01:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-08-11 07:12 . 2009-08-11 07:13 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-11 07:12 . 2009-08-11 07:12 -------- d-----w- c:\windows\system32\xlive
2009-08-10 07:04 . 2009-08-10 07:04 -------- d-----w- c:\users\master\AppData\Local\CAPCOM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 20:07 . 2009-01-02 09:43 -------- d-----w- c:\users\master\AppData\Roaming\LimeWire
2009-09-05 19:47 . 2009-06-19 09:21 55302 ----a-w- c:\programdata\nvModes.dat
2009-09-05 19:45 . 2008-01-30 22:31 -------- d-----w- c:\users\master\AppData\Roaming\uTorrent
2009-09-02 04:17 . 2007-11-26 05:02 -------- d-----w- c:\programdata\Microsoft Help
2009-09-02 04:12 . 2008-02-15 04:47 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-30 00:59 . 2008-09-28 19:53 -------- d-----w- c:\program files\Starcraft
2009-08-18 09:53 . 2008-01-29 00:14 -------- d-----w- c:\program files\Real
2009-08-18 09:43 . 2008-01-20 21:08 94392 ----a-w- c:\users\master\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-05 23:20 . 2009-08-05 23:20 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-08-05 23:20 . 2009-08-05 23:20 99472 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-08-05 23:20 . 2009-08-05 23:20 91472 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-08-01 03:10 . 2008-05-08 04:16 -------- d-----w- c:\program files\Common Files\Intuit
2009-08-01 03:04 . 2008-01-20 21:00 -------- d-----w- c:\program files\Electronic Arts
2009-06-19 08:48 . 2008-02-10 21:24 54318 ----a-w- c:\users\master\AppData\Roaming\nvModes.dat
2008-05-23 07:30 . 2008-05-23 07:30 120 ----a-w- c:\program files\Program Files.ini
2006-03-05 01:47 . 2008-05-23 07:30 262144 ----a-w- c:\program files\unst0_0.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-19 192000]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-17 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StopMessengerSpam"="c:\program files\StopMessengerSpam\StopMessengerSpam.exe" [2002-12-19 77824]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-12-04 711200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-10 4390912]

c:\users\master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):03,c0,a2,33,9b,ee,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3741081481-2426508949-2978702852-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{334D7D46-1D66-4022-9908-87E1DE0A7302}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BB94DB1A-C77D-4DCA-92AD-54C57CE00BEE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{547192FF-6A40-4864-9D00-AFECDB174310}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{391B6388-EF39-4888-80F0-848D80BEDBAC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F03776F8-FA59-4F49-A87C-38E4C8EA9856}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6D6961DD-C4B6-43A5-B491-02833B8DDE6C}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{71D445E7-CC7B-40AE-A284-BF369619EC17}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{DE6BA1DD-B26C-4F07-9247-FF66F67243BE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{0D722815-130E-42DC-9D69-D49FDF1DF5C9}c:\\users\\master\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\msnmsgr.exe"= UDP:c:\users\master\appdata\roaming\microsoft\internet explorer\quick launch\msnmsgr.exe:msnmsgr.exe
"UDP Query User{F00770E8-9806-4594-A2F9-39237B555435}c:\\users\\master\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\msnmsgr.exe"= TCP:c:\users\master\appdata\roaming\microsoft\internet explorer\quick launch\msnmsgr.exe:msnmsgr.exe
"TCP Query User{25C6FF2B-6525-48CC-BEFF-5283AD96B805}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5807F3F5-72EC-441E-BD1A-9C36A4D731CE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{38B327DA-1E90-472A-BEE7-4FCB825A76B8}"= UDP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{B45AB972-1D01-40D5-B0A9-FFC49A4CCE7E}"= TCP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{DD25CB20-12E3-4827-BA7B-475749153F42}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{15366C86-6017-4C5F-A2A8-2D49D7DD3DD9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{40EB1EEF-BEF9-4B12-8D2B-29181854D2BA}"= UDP:c:\program files\thunder network\thunder\Program\Thunder5.exe:Thunder
"{9EE0536C-810C-427E-B9BC-54040D0B23C0}"= TCP:c:\program files\thunder network\thunder\Program\Thunder5.exe:Thunder
"{D81B5118-C8A2-4536-91D5-2D7123013368}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{085B9DC8-7E3F-4974-B4E1-7E589D76AC90}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\PPStream\\PPStream.exe"= c:\program files\PPStream\PPStream.exe:*:Enabled:PPS网络电视 (PPS Network TV)
"c:\\Program Files\\PPStream\\PPSAP.exe"= c:\program files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器 (PPS Network Accelerator)

R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [8/16/2009 1:53 PM 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [8/16/2009 1:53 PM 41424]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [11/24/2008 11:26 PM 203616]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [7/10/2008 1:22 AM 218136]
R2 MSOLAP$SS2K8;SQL Server Analysis Services (SS2K8);c:\microsoft sql server\MSAS10.SS2K8\OLAP\bin\msmdsrv.exe [7/10/2008 1:22 AM 21945368]
R2 MSSQL$SS2K8;SQL Server (SS2K8);c:\microsoft sql server\MSSQL10.SS2K8\MSSQL\Binn\sqlservr.exe [7/10/2008 2:49 AM 40999448]
R2 ReportServer$SS2K8;SQL Server Reporting Services (SS2K8);c:\microsoft sql server\MSRS10.SS2K8\Reporting Services\ReportServer\bin\ReportingServicesService.exe [7/10/2008 2:22 AM 1106968]
R3 MSSQLFDLauncher$SS2K8;SQL Full-text Filter Daemon Launcher (SS2K8);c:\microsoft sql server\MSSQL10.SS2K8\MSSQL\Binn\fdlauncher.exe [7/10/2008 1:15 AM 31256]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 3:40 PM 3668480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [8/5/2009 4:20 PM 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [8/5/2009 4:20 PM 99472]
S3 SQLAgent$SS2K8;SQL Server Agent (SS2K8);c:\microsoft sql server\MSSQL10.SS2K8\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 2:49 AM 369688]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 2:49 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{76CD70F3-4B8A-4F6E-A372-FCEB4D642C45}.job
- c:\windows\system32\msfeedssync.exe [2008-06-26 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
Trusted Zone: multnomah.or.us\robin.co
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*3*0*ckHr\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*n*@*Yeg™™>y:S\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*o*m*™"Yeg™™>y:S\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¤|í‹W[U^]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¤|í‹W[U^\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\microsoft sql server\MSSQL10.SS2K8\MSSQL\Binn\fdhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\msdtc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-09-05 13:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-05 20:12
ComboFix2.txt 2008-11-19 04:23
ComboFix3.txt 2008-11-18 06:07

Pre-Run: 2,555,031,552 bytes free
Post-Run: 6,692,548,608 bytes free

256 --- E O F --- 2009-06-22 15:23






DDS (Ver_09-07-30.01) - NTFSx86
Run by master at 15:11:12.70 on Sat 09/05/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1659 [GMT -7:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Microsoft SQL Server\MSAS10.SS2K8\OLAP\bin\msmdsrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Microsoft SQL Server\MSRS10.SS2K8\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\fdlauncher.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\fdhost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\master\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
{7febefe3-6b19-4349-98d2-ffb09d4b49ca}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [StopMessengerSpam] c:\program files\stopmessengerspam\StopMessengerSpam.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
StartupFolder: c:\users\master\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\morpheus.lnk - c:\program files\morpheus\Morpheus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\VONGOT~1.LNK -
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: multnomah.or.us\robin.co
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://stoogetv.com/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll

============= SERVICES / DRIVERS ===============

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-16 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-16 41424]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-11-24 203616]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
R2 MSOLAP$SS2K8;SQL Server Analysis Services (SS2K8);c:\microsoft sql server\msas10.ss2k8\olap\bin\msmdsrv.exe [2008-7-10 21945368]
R2 MSSQL$SS2K8;SQL Server (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\sqlservr.exe [2008-7-10 40999448]
R2 ReportServer$SS2K8;SQL Server Reporting Services (SS2K8);c:\microsoft sql server\msrs10.ss2k8\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R3 MSSQLFDLauncher$SS2K8;SQL Full-text Filter Daemon Launcher (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\fdlauncher.exe [2008-7-10 31256]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-5 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-8-5 99472]
S3 SQLAgent$SS2K8;SQL Server Agent (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2009-09-05 13:11 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-05 12:49 230,912 a------- c:\windows\PEV.exe
2009-09-01 20:56 <DIR> --d----- C:\9467e9abe9c02ab9d0bab1c6d4
2009-08-27 18:55 <DIR> --d----- C:\hijackthis_sfx
2009-08-22 12:15 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-08-22 12:14 <DIR> --d----- c:\program files\MSECache
2009-08-18 00:33 <DIR> --d----- c:\windows\system32\WinNTDlls
2009-08-18 00:33 <DIR> --d----- c:\windows\system32\Win98Dlls
2009-08-18 00:33 <DIR> --d----- c:\program files\Microsoft Press Training Kit Exam Prep
2009-08-16 13:55 <DIR> --d----- c:\users\master\.VirtualBox
2009-08-16 13:53 115,856 a------- c:\windows\system32\drivers\VBoxDrv.sys
2009-08-16 13:53 41,424 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-08-16 13:53 <DIR> --d----- c:\program files\Sun
2009-08-11 14:00 <DIR> --d----- c:\programdata\Tencent
2009-08-11 14:00 <DIR> --d----- c:\progra~2\Tencent
2009-08-11 14:00 <DIR> --d----- c:\users\master\appdata\roaming\Tencent
2009-08-11 14:00 <DIR> --d----- C:\Download
2009-08-11 14:00 <DIR> --d----- c:\program files\Tencent
2009-08-11 00:18 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-11 00:13 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-08-11 00:13 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-08-11 00:13 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-08-11 00:13 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-08-11 00:12 <DIR> --d----- c:\windows\system32\xlive
2009-08-11 00:12 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-08-10 00:09 <DIR> --d----- c:\windows\system32\directx

==================== Find3M ====================

2009-09-05 14:59 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-05 14:59 51,200 a------- c:\windows\inf\infpub.dat
2009-09-05 13:37 55,302 a------- c:\programdata\nvModes.dat
2009-09-05 13:37 55,302 a------- c:\progra~2\nvModes.dat
2009-08-16 14:01 86,016 a------- c:\windows\inf\infstor.dat
2009-08-05 16:20 133,648 a------- c:\windows\system32\VBoxNetFltNotify.dll
2009-08-05 16:20 99,472 a------- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-08-05 16:20 91,472 a------- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-06-19 01:48 54,318 a------- c:\users\master\appdata\roaming\nvModes.dat
2009-06-16 08:46 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-23 21:53 56 a---h--- c:\programdata\ezsidmv.dat
2009-04-23 21:53 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-25 20:15 174 a--sh--- c:\program files\desktop.ini
2008-06-09 21:55 691 a------- c:\users\master\appdata\roaming\GetValue.vbs
2008-06-09 21:55 35 a------- c:\users\master\appdata\roaming\SetValue.bat
2008-06-05 18:24 47 a------- c:\users\master\readme.bat
2008-05-24 02:51 262,144 a------- c:\progra~2\ntuser.dat
2008-05-23 00:30 120 a------- c:\program files\Program Files.ini
2008-03-10 14:37 32 a------- c:\programdata\ezsid.dat
2008-03-10 14:37 32 a------- c:\progra~2\ezsid.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-03-04 18:47 262,144 a------- c:\program files\unst0_0.exe

============= FINISH: 15:11:32.59 ===============






UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2008 3:43:06 PM
System Uptime: 9/5/2009 1:37:14 PM (2 hours ago)

Motherboard: Quanta | | 30D2
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 7.144 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

µTorrent
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Shockwave Player
AdventureWorksDB
Aero SWF.max 1.5.840
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Cards_Calendar_OrderGift_DoMorePlugout
Choice Guard
Combined Community Codec Pack 2008-01-24
DAEMON Tools Toolbar
DivX Codec
Download Accelerator Plus (DAP)
ESU for Microsoft Vista
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Intel® Matrix Storage Manager
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 7
Junk Mail filter update
LightScribe System Software 1.10.13.1
LimeWire 4.18.8
LiveUpdate (Symantec Corporation)
Magic ISO Maker v5.4 (build 0256)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Press Training Kit Exam Prep Suite 70-432
Microsoft Silverlight
Microsoft SQL Server 2000 Reporting Services Standard Edition
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 Books Online (August 2008)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.1
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft XML Parser
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
Move Networks Media Player for Internet Explorer
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.1
Nero 8 Trial
neroxml
NVIDIA Drivers
Oracle DBA Complete Video Course
Power2Go
PSSWCORE
QuickPlay SlingPlayer 0.4.4
QuickTime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Service Pack 2 for SQL Server Analysis Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Database Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Integration Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Notification Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896)
Slingbox Flash Tour
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SQLXML4
Starcraft
Stop Messenger Spam 1.0
Sun xVM VirtualBox
SupportSoft Assisted Service
Synaptics Pointing Device Driver
uCeritify M70-444 - Optimizing and Maintaing a Database Administration Solution Using Microsoft SQL Server 2005
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
VCRedistSetup
VideoToolkit01
Viewpoint Media Player
Visual CertExam Suite 1.9
VobSub v2.23 (Remove Only)
WeatherBug Gadget
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

9/5/2009 8:30:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.15.3 for the Network Card with network address 001B24F99180 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
9/5/2009 8:27:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001B24F99180 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
9/5/2009 2:30:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
9/5/2009 2:15:58 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/5/2009 12:49:43 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/5/2009 1:38:13 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001DE0401989 has been denied by the DHCP server 169.254.122.188 (The DHCP Server sent a DHCPNACK message).
9/5/2009 1:21:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/5/2009 1:04:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
9/5/2009 1:04:32 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/5/2009 1:04:19 PM, Error: Service Control Manager [7022] - The QuickPlay Background Capture Service (QBCS) service hung on starting.
9/5/2009 1:04:19 PM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/5/2009 1:03:22 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/4/2009 11:24:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user master-PC\master SID (S-1-5-21-3741081481-2426508949-2978702852-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/4/2009 11:24:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {682159D9-C321-47CA-B3F1-30E36B2EC8B9} to the user master-PC\master SID (S-1-5-21-3741081481-2426508949-2978702852-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/30/2009 10:31:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001DE0401989 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/30/2009 10:30:34 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B24F99180. The following error occurred: Element not found.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================
escaleraroyal is offline  
 
Old 09-05-2009, 03:50 PM   #4
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Code:
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Get update 8.1.6 for Adobe Reader here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Uninstall your current Adobe Shockwave Player and get the fresh one here if needed.

Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the Download button to the right.
  • Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click Continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log. Are there still issues left?
Blade81 is offline  
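The CFScript above deletes the DisableMonitoring values under the Security Center Monitoring key and its Symantec vendor subkeys. The following read-only check is an added example, not part of Blade81's instructions and not ComboFix code: it lists every key under HKLM\SOFTWARE\Microsoft\Security Center\Monitoring and reports whether a DisableMonitoring value is present, so you can confirm after the fix that the values are gone. It assumes the Vista-era Security Center layout in which a non-zero DisableMonitoring DWORD under that key (or a vendor subkey) switches off Security Center's monitoring of that product; the function name and output layout are my own.

```powershell
# Added example (not from the thread, not part of ComboFix): report the
# DisableMonitoring values under the Security Center "Monitoring" key, i.e.
# the values the CFScript removes with "DisableMonitoring"=-.
# Assumption: Vista-era Security Center registry layout; run in an elevated
# Windows PowerShell session. Nothing is modified, the script only reads.

$MonitoringKey = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'

function Get-DisableMonitoringState {
    # Returns one object per key (the Monitoring key itself plus each vendor
    # subkey) with its DisableMonitoring value, or $null when the value is
    # absent, which is the state the CFScript restores.
    param([string]$Root = $MonitoringKey)

    if (-not (Test-Path -Path $Root)) {
        Write-Output "Key not present: $Root"
        return
    }

    $keys = @(Get-Item -Path $Root) + @(Get-ChildItem -Path $Root -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        # RegistryKey.GetValue returns $null when the value does not exist
        $value = $key.GetValue('DisableMonitoring')
        New-Object PSObject -Property @{
            Key               = $key.Name -replace '^.*\\Security Center\\', ''
            DisableMonitoring = $value
            Suppressed        = ($null -ne $value -and $value -ne 0)
        }
    }
}

$state = Get-DisableMonitoringState
$state | Format-Table Key, DisableMonitoring, Suppressed -AutoSize

# A non-zero DisableMonitoring value means Security Center no longer watches
# that product, so its "no antivirus / firewall" alerts stay silent.
$bad = @($state | Where-Object { $_.Suppressed })
if ($bad.Count -gt 0) {
    $names = ($bad | ForEach-Object { $_.Key }) -join ', '
    Write-Warning "Security Center monitoring is disabled for: $names"
} else {
    Write-Output 'No DisableMonitoring values set; Security Center monitoring is active.'
}
```

Run it once before and once after the ComboFix pass: the first run should show the Monitoring, SymantecAntiVirus and SymantecFirewall keys with Suppressed set to True, and the second run should report every value as absent.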
Old 09-05-2009, 05:29 PM   #5
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



Seems like Kaspersky Online Scanner doesn't work on my PC. It shows this msg:
"Launch of a Java application is interrupted please established an uninterrupted internet connection for work for this program".

Another issue I have is that I deleted my Recycle Bin from the desktop. Do you know how to get it back on Windows Vista?



ComboFix 09-09-05.02 - master 09/05/2009 16:33.7.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1736 [GMT -7:00]
Running from: c:\users\master\Desktop\ComboFix.exe
Command switches used :: c:\users\master\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 23:39 . 2009-09-05 23:39 -------- d-----w- c:\users\master\AppData\Local\temp
2009-09-05 23:39 . 2009-09-05 23:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-05 23:39 . 2009-09-05 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-05 23:12 . 2009-09-05 23:12 -------- d-----w- C:\Rar$DR01.074
2009-09-02 03:56 . 2009-09-02 04:18 -------- d-----w- C:\9467e9abe9c02ab9d0bab1c6d4
2009-08-28 01:55 . 2009-08-28 02:21 -------- d-----w- C:\hijackthis_sfx
2009-08-22 19:15 . 2009-08-22 19:15 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-08-22 19:14 . 2009-08-22 19:14 -------- d-----w- c:\program files\MSECache
2009-08-18 07:33 . 2009-08-18 07:33 -------- d-----w- c:\windows\system32\WinNTDlls
2009-08-18 07:33 . 2009-08-18 07:33 -------- d-----w- c:\program files\Microsoft Press Training Kit Exam Prep
2009-08-18 07:33 . 2009-08-18 07:33 -------- d-----w- c:\windows\system32\Win98Dlls
2009-08-16 20:55 . 2009-08-16 20:58 -------- d-----w- c:\users\master\.VirtualBox
2009-08-16 20:53 . 2009-08-05 23:19 115856 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-08-16 20:53 . 2009-08-05 23:21 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-08-16 20:53 . 2009-08-16 20:53 -------- d-----w- c:\program files\Sun
2009-08-11 21:00 . 2009-08-11 21:10 -------- d-----w- c:\programdata\Tencent
2009-08-11 21:00 . 2009-08-11 21:00 -------- d-----w- c:\users\master\AppData\Roaming\Tencent
2009-08-11 21:00 . 2009-08-11 21:00 -------- d-----w- C:\Download
2009-08-11 21:00 . 2009-08-16 08:36 -------- d-----w- c:\program files\Tencent
2009-08-11 07:13 . 2008-03-05 22:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-11 07:13 . 2008-03-05 22:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-11 07:13 . 2008-02-06 06:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-11 07:13 . 2007-04-05 01:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-08-11 07:12 . 2009-08-11 07:13 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-08-11 07:12 . 2009-08-11 07:12 -------- d-----w- c:\windows\system32\xlive
2009-08-10 07:04 . 2009-08-10 07:04 -------- d-----w- c:\users\master\AppData\Local\CAPCOM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 23:14 . 2008-01-30 22:31 -------- d-----w- c:\users\master\AppData\Roaming\uTorrent
2009-09-05 22:18 . 2009-01-02 09:43 -------- d-----w- c:\users\master\AppData\Roaming\LimeWire
2009-09-05 20:37 . 2009-06-19 09:21 55302 ----a-w- c:\programdata\nvModes.dat
2009-09-02 04:17 . 2007-11-26 05:02 -------- d-----w- c:\programdata\Microsoft Help
2009-09-02 04:12 . 2008-02-15 04:47 -------- d-----w- c:\program files\Microsoft SQL Server
2009-08-30 00:59 . 2008-09-28 19:53 -------- d-----w- c:\program files\Starcraft
2009-08-18 09:53 . 2008-01-29 00:14 -------- d-----w- c:\program files\Real
2009-08-18 09:43 . 2008-01-20 21:08 94392 ----a-w- c:\users\master\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-05 23:20 . 2009-08-05 23:20 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-08-05 23:20 . 2009-08-05 23:20 99472 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-08-05 23:20 . 2009-08-05 23:20 91472 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-08-01 03:10 . 2008-05-08 04:16 -------- d-----w- c:\program files\Common Files\Intuit
2009-08-01 03:04 . 2008-01-20 21:00 -------- d-----w- c:\program files\Electronic Arts
2009-06-19 08:48 . 2008-02-10 21:24 54318 ----a-w- c:\users\master\AppData\Roaming\nvModes.dat
2008-05-23 07:30 . 2008-05-23 07:30 120 ----a-w- c:\program files\Program Files.ini
2006-03-05 01:47 . 2008-05-23 07:30 262144 ----a-w- c:\program files\unst0_0.exe
.

((((((((((((((((((((((((((((( [email protected]_20.04.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-26 03:18 . 2009-09-05 20:06 68532 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-05 20:07 94010 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-20 20:58 . 2009-09-05 20:07 17854 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3741081481-2426508949-2978702852-1000_UserData.bin
- 2008-01-20 20:53 . 2009-09-05 15:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-20 20:53 . 2009-09-05 23:07 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-20 20:53 . 2009-09-05 15:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-20 20:53 . 2009-09-05 23:07 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-20 20:53 . 2009-09-05 23:07 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-20 20:53 . 2009-09-05 15:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:25 . 2009-09-05 21:59 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-09-02 03:17 51200 c:\windows\inf\infpub.dat
+ 2009-09-05 21:06 . 2009-09-05 21:06 9560 c:\windows\System32\networklist\icons\{E622981C-52A8-4B8E-8F91-6225ED6BE6E7}_48.bin
+ 2009-09-05 21:06 . 2009-09-05 21:06 4280 c:\windows\System32\networklist\icons\{E622981C-52A8-4B8E-8F91-6225ED6BE6E7}_32.bin
+ 2009-09-05 21:06 . 2009-09-05 21:06 2456 c:\windows\System32\networklist\icons\{E622981C-52A8-4B8E-8F91-6225ED6BE6E7}_24.bin
+ 2008-06-30 02:06 . 2009-09-05 21:59 443626 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:25 . 2009-09-02 03:17 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-09-05 21:59 143360 c:\windows\inf\infstrng.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-14 1688872]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"CollaborationHost"="c:\windows\system32\p2phost.exe" [2008-01-19 192000]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-17 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"StopMessengerSpam"="c:\program files\StopMessengerSpam\StopMessengerSpam.exe" [2002-12-19 77824]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-12-04 711200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-10 4390912]

c:\users\master\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-9-18 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):03,c0,a2,33,9b,ee,c9,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3741081481-2426508949-2978702852-1000]
"EnableNotificationsRef"=dword:00000003

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{334D7D46-1D66-4022-9908-87E1DE0A7302}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BB94DB1A-C77D-4DCA-92AD-54C57CE00BEE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7B7D14B1-C7CA-4E65-A56B-B4E6D0B1FF4B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{547192FF-6A40-4864-9D00-AFECDB174310}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{391B6388-EF39-4888-80F0-848D80BEDBAC}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F03776F8-FA59-4F49-A87C-38E4C8EA9856}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{83C3586C-66B5-4931-BFDD-44D97CCBE7FF}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A6CFE4D9-FAAA-4D67-8343-52AB596F832C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6D6961DD-C4B6-43A5-B491-02833B8DDE6C}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{71D445E7-CC7B-40AE-A284-BF369619EC17}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{DE6BA1DD-B26C-4F07-9247-FF66F67243BE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{0D722815-130E-42DC-9D69-D49FDF1DF5C9}c:\\users\\master\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\msnmsgr.exe"= UDP:c:\users\master\appdata\roaming\microsoft\internet explorer\quick launch\msnmsgr.exe:msnmsgr.exe
"UDP Query User{F00770E8-9806-4594-A2F9-39237B555435}c:\\users\\master\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\msnmsgr.exe"= TCP:c:\users\master\appdata\roaming\microsoft\internet explorer\quick launch\msnmsgr.exe:msnmsgr.exe
"TCP Query User{25C6FF2B-6525-48CC-BEFF-5283AD96B805}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5807F3F5-72EC-441E-BD1A-9C36A4D731CE}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{38B327DA-1E90-472A-BEE7-4FCB825A76B8}"= UDP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{B45AB972-1D01-40D5-B0A9-FFC49A4CCE7E}"= TCP:c:\program files\Morpheus\Morpheus.exe:Morpheus
"{DD25CB20-12E3-4827-BA7B-475749153F42}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{15366C86-6017-4C5F-A2A8-2D49D7DD3DD9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{40EB1EEF-BEF9-4B12-8D2B-29181854D2BA}"= UDP:c:\program files\thunder network\thunder\Program\Thunder5.exe:Thunder
"{9EE0536C-810C-427E-B9BC-54040D0B23C0}"= TCP:c:\program files\thunder network\thunder\Program\Thunder5.exe:Thunder
"{D81B5118-C8A2-4536-91D5-2D7123013368}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{085B9DC8-7E3F-4974-B4E1-7E589D76AC90}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\PPStream\\PPStream.exe"= c:\program files\PPStream\PPStream.exe:*:Enabled:PPS网络电视
"c:\\Program Files\\PPStream\\PPSAP.exe"= c:\program files\PPStream\PPSAP.exe:*:Enabled:PPS 网络加速器

R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [8/16/2009 1:53 PM 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [8/16/2009 1:53 PM 41424]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [11/24/2008 11:26 PM 203616]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [7/10/2008 1:22 AM 218136]
R2 MSOLAP$SS2K8;SQL Server Analysis Services (SS2K8);c:\microsoft sql server\MSAS10.SS2K8\OLAP\bin\msmdsrv.exe [7/10/2008 1:22 AM 21945368]
R2 MSSQL$SS2K8;SQL Server (SS2K8);c:\microsoft sql server\MSSQL10.SS2K8\MSSQL\Binn\sqlservr.exe [7/10/2008 2:49 AM 40999448]
R2 ReportServer$SS2K8;SQL Server Reporting Services (SS2K8);c:\microsoft sql server\MSRS10.SS2K8\Reporting Services\ReportServer\bin\ReportingServicesService.exe [7/10/2008 2:22 AM 1106968]
R3 MSSQLFDLauncher$SS2K8;SQL Full-text Filter Daemon Launcher (SS2K8);c:\microsoft sql server\MSSQL10.SS2K8\MSSQL\Binn\fdlauncher.exe [7/10/2008 1:15 AM 31256]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 3:40 PM 3668480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [8/5/2009 4:20 PM 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [8/5/2009 4:20 PM 99472]
S3 SQLAgent$SS2K8;SQL Server Agent (SS2K8);c:\microsoft sql server\MSSQL10.SS2K8\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 2:49 AM 369688]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 2:49 AM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{76CD70F3-4B8A-4F6E-A372-FCEB4D642C45}.job
- c:\windows\system32\msfeedssync.exe [2008-06-26 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
Trusted Zone: multnomah.or.us\robin.co
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-09-05 16:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\master\AppData\Local\Temp\catchme.dll 53248 bytes executable


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*3*0*ckHr\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*n*@*Yeg™™>y:S\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*o*m*™"Yeg™™>y:S\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¤|í‹W[U^]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3741081481-2426508949-2978702852-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*¤|í‹W[U^\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-05 16:44
ComboFix-quarantined-files.txt 2009-09-05 23:42
ComboFix2.txt 2009-09-05 20:13
ComboFix3.txt 2008-11-19 04:23
ComboFix4.txt 2008-11-18 06:07

Pre-Run: 7,300,775,936 bytes free
Post-Run: 7,179,952,128 bytes free

230 --- E O F --- 2009-06-22 15:23







DDS (Ver_09-07-30.01) - NTFSx86
Run by master at 17:27:26.59 on Sat 09/05/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1508 [GMT -7:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Microsoft SQL Server\MSAS10.SS2K8\OLAP\bin\msmdsrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Microsoft SQL Server\MSRS10.SS2K8\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\fdlauncher.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\fdhost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\p2phost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\master\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{7febefe3-6b19-4349-98d2-ffb09d4b49ca}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StopMessengerSpam] c:\program files\stopmessengerspam\StopMessengerSpam.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\master\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\morpheus.lnk - c:\program files\morpheus\Morpheus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\VONGOT~1.LNK -
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: multnomah.or.us\robin.co
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://stoogetv.com/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll

============= SERVICES / DRIVERS ===============

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-16 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-16 41424]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-11-24 203616]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
R2 MSOLAP$SS2K8;SQL Server Analysis Services (SS2K8);c:\microsoft sql server\msas10.ss2k8\olap\bin\msmdsrv.exe [2008-7-10 21945368]
R2 MSSQL$SS2K8;SQL Server (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\sqlservr.exe [2008-7-10 40999448]
R2 ReportServer$SS2K8;SQL Server Reporting Services (SS2K8);c:\microsoft sql server\msrs10.ss2k8\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R3 MSSQLFDLauncher$SS2K8;SQL Full-text Filter Daemon Launcher (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\fdlauncher.exe [2008-7-10 31256]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-5 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-8-5 99472]
S3 SQLAgent$SS2K8;SQL Server Agent (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2009-09-05 17:09 <DIR> --d----- c:\windows\system32\Adobe
2009-09-05 17:04 <DIR> --d----- c:\users\master\appdata\roaming\Foxit
2009-09-05 17:04 <DIR> --d----- c:\program files\Foxit Software
2009-09-05 16:41 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-05 16:12 <DIR> --d----- C:\Rar$DR01.074
2009-09-05 12:49 230,912 a------- c:\windows\PEV.exe
2009-09-01 20:56 <DIR> --d----- C:\9467e9abe9c02ab9d0bab1c6d4
2009-08-27 18:55 <DIR> --d----- C:\hijackthis_sfx
2009-08-22 12:15 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-08-22 12:14 <DIR> --d----- c:\program files\MSECache
2009-08-18 00:33 <DIR> --d----- c:\windows\system32\WinNTDlls
2009-08-18 00:33 <DIR> --d----- c:\windows\system32\Win98Dlls
2009-08-18 00:33 <DIR> --d----- c:\program files\Microsoft Press Training Kit Exam Prep
2009-08-16 13:55 <DIR> --d----- c:\users\master\.VirtualBox
2009-08-16 13:53 115,856 a------- c:\windows\system32\drivers\VBoxDrv.sys
2009-08-16 13:53 41,424 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-08-16 13:53 <DIR> --d----- c:\program files\Sun
2009-08-11 14:00 <DIR> --d----- c:\programdata\Tencent
2009-08-11 14:00 <DIR> --d----- c:\progra~2\Tencent
2009-08-11 14:00 <DIR> --d----- c:\users\master\appdata\roaming\Tencent
2009-08-11 14:00 <DIR> --d----- C:\Download
2009-08-11 14:00 <DIR> --d----- c:\program files\Tencent
2009-08-11 00:18 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-11 00:13 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-08-11 00:13 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-08-11 00:13 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-08-11 00:13 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-08-11 00:12 <DIR> --d----- c:\windows\system32\xlive
2009-08-11 00:12 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-08-10 00:09 <DIR> --d----- c:\windows\system32\directx

==================== Find3M ====================

2009-09-05 17:22 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-05 14:59 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-05 14:59 51,200 a------- c:\windows\inf\infpub.dat
2009-09-05 13:37 55,302 a------- c:\programdata\nvModes.dat
2009-09-05 13:37 55,302 a------- c:\progra~2\nvModes.dat
2009-08-16 14:01 86,016 a------- c:\windows\inf\infstor.dat
2009-08-05 16:20 133,648 a------- c:\windows\system32\VBoxNetFltNotify.dll
2009-08-05 16:20 99,472 a------- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-08-05 16:20 91,472 a------- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-06-19 01:48 54,318 a------- c:\users\master\appdata\roaming\nvModes.dat
2009-06-16 08:46 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-23 21:53 56 a---h--- c:\programdata\ezsidmv.dat
2009-04-23 21:53 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-25 20:15 174 a--sh--- c:\program files\desktop.ini
2008-06-09 21:55 691 a------- c:\users\master\appdata\roaming\GetValue.vbs
2008-06-09 21:55 35 a------- c:\users\master\appdata\roaming\SetValue.bat
2008-06-05 18:24 47 a------- c:\users\master\readme.bat
2008-05-24 02:51 262,144 a------- c:\progra~2\ntuser.dat
2008-05-23 00:30 120 a------- c:\program files\Program Files.ini
2008-03-10 14:37 32 a------- c:\programdata\ezsid.dat
2008-03-10 14:37 32 a------- c:\progra~2\ezsid.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-03-04 18:47 262,144 a------- c:\program files\unst0_0.exe

============= FINISH: 17:27:46.15 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2008 3:43:06 PM
System Uptime: 9/5/2009 1:37:14 PM (4 hours ago)

Motherboard: Quanta | | 30D2
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 5.772 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP795: 9/5/2009 4:31:42 PM - ComboFix created restore point
RP796: 9/5/2009 5:05:33 PM - Removed Adobe Reader 8.1.2
RP797: 9/5/2009 5:10:55 PM - Removed Java(TM) 6 Update 2
RP798: 9/5/2009 5:11:47 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP799: 9/5/2009 5:12:24 PM - Removed Java(TM) 6 Update 7
RP800: 9/5/2009 5:21:53 PM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

µTorrent
Activation Assistant for the 2007 Microsoft Office suites
Adobe Shockwave Player
Adobe Shockwave Player 11.5
AdventureWorksDB
Aero SWF.max 1.5.840
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Cards_Calendar_OrderGift_DoMorePlugout
Choice Guard
Combined Community Codec Pack 2008-01-24
DAEMON Tools Toolbar
DivX Codec
Download Accelerator Plus (DAP)
ESU for Microsoft Vista
Foxit Reader
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Intel® Matrix Storage Manager
IrfanView (remove only)
Java(TM) 6 Update 16
Junk Mail filter update
LightScribe System Software 1.10.13.1
LimeWire 4.18.8
LiveUpdate (Symantec Corporation)
Magic ISO Maker v5.4 (build 0256)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Press Training Kit Exam Prep Suite 70-432
Microsoft Silverlight
Microsoft SQL Server 2000 Reporting Services Standard Edition
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 Books Online (August 2008)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.1
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft XML Parser
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
Move Networks Media Player for Internet Explorer
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.1
Nero 8 Trial
neroxml
NVIDIA Drivers
Oracle DBA Complete Video Course
Power2Go
PSSWCORE
QuickPlay SlingPlayer 0.4.4
QuickTime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Service Pack 2 for SQL Server Analysis Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Database Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Integration Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Notification Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896)
Slingbox Flash Tour
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SQLXML4
Starcraft
Stop Messenger Spam 1.0
Sun xVM VirtualBox
SupportSoft Assisted Service
Synaptics Pointing Device Driver
uCeritify M70-444 - Optimizing and Maintaing a Database Administration Solution Using Microsoft SQL Server 2005
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
VCRedistSetup
VideoToolkit01
Viewpoint Media Player
Visual CertExam Suite 1.9
VobSub v2.23 (Remove Only)
WeatherBug Gadget
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

9/5/2009 8:30:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.15.3 for the Network Card with network address 001B24F99180 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
9/5/2009 8:27:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001B24F99180 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
9/5/2009 5:24:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
9/5/2009 523 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/5/2009 523 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2009 523 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/5/2009 4:39:51 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/5/2009 4:39:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
9/5/2009 4:32:18 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/5/2009 2:15:58 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/5/2009 1:38:13 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001DE0401989 has been denied by the DHCP server 169.254.122.188 (The DHCP Server sent a DHCPNACK message).
9/5/2009 1:21:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/5/2009 1:04:19 PM, Error: Service Control Manager [7022] - The QuickPlay Background Capture Service (QBCS) service hung on starting.
9/5/2009 1:04:19 PM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/5/2009 1:03:22 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/4/2009 11:24:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user master-PC\master SID (S-1-5-21-3741081481-2426508949-2978702852-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/4/2009 11:24:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {682159D9-C321-47CA-B3F1-30E36B2EC8B9} to the user master-PC\master SID (S-1-5-21-3741081481-2426508949-2978702852-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/30/2009 10:31:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001DE0401989 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/30/2009 10:30:34 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B24F99180. The following error occurred: Element not found.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================
Old 09-06-2009, 02:20 AM   #6
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



Hi,

Quote:
Another issue I have is: I deleted my Recycle Bin from the desktop. Do you know how to get it back on Windows Vista?
Right-click on the desktop, then click Personalize. Once there, look to the left pane near the top and click Change Desktop Icons; this is where you choose which icons you want to appear on your desktop.


Uninstall Adobe Shockwave Player (leave that 11.5 installed)

Let's replace Kaspersky online scanner with ESET.
* Go here to run an online scanner from ESET.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new dds.txt log & a description of any remaining problems
Old 09-06-2009, 11:04 AM   #7
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



The Control Panel uninstall program doesn't have Adobe Shockwave Player. I can only see Adobe Flash Player 10 ActiveX and Adobe Shockwave Player 11.5 installed.

Another issue is that my internet search speed is slower now after I used ComboFix.

This file does not exist; I cannot open C:\Program Files\EsetOnlineScanner\log.txt. The only log file I found in the ESET folder is:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK


-------------------------------------------------------------------------------------


Then I found a list of found threats and exported it to a text file:

C:\Program Files\Morpheus\morpheustoolbar.exe Win32/Toolbar.AskSBar application
C:\Qoobox\Quarantine\C\RECYCLER\S-1-5-21-8355284605-1995916263-947694572-8816\rundll32.exe.vir a variant of Win32/Injector.UH trojan
C:\Users\master\AppData\Local\VirtualStore\Windows\System32\phc5qtj0e7nr.bmp Win32/TrojanDownloader.FakeAlert.GS trojan
C:\Users\master\AppData\Local\VirtualStore\Windows\System32\winvax32.rom probably a variant of Win32/TrojanDownloader.Agent trojan
C:\Users\master\Desktop\app\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application
C:\Users\master\Desktop\PROM\mp3_x\KungFuWhores - Tia Tanaka.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\mp3_x\my-first-creampie.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\mp3_x\TryTeens - Liliane.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\SSIS\AmirNetz_Demo.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\SSIS\DonaldFarmer_Demo.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\SSIS\KamalHathi_Demo.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\SSIS\RSAuthoringDemo.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\SSIS\sql_07.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E01\COME-KVIP-201-EP.clip01.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E01\COME-KVIP-201-EP.clip02.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E01\COME-KVIP-201-EP.clip03.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E01\COME-KVIP-201-EP.clip04.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E06\COME-KVIP-206-EP.clip01.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E06\COME-KVIP-206-EP.clip02.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E06\COME-KVIP-206-EP.clip03.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E06\COME-KVIP-206-EP.clip04.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E07\COME-KVIP-207-EP.clip01.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E07\COME-KVIP-207-EP.clip02.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E07\COME-KVIP-207-EP.clip03.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E07\COME-KVIP-207-EP.clip04.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E08\COME-KVIP-208-EP.clip01.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E08\COME-KVIP-208-EP.clip02.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E08\COME-KVIP-208-EP.clip03.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E08\COME-KVIP-208-EP.clip04.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E11\COME-KVIP-211-EP.clip01.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E11\COME-KVIP-211-EP.clip02.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E11\COME-KVIP-211-EP.clip03.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E11\COME-KVIP-211-EP.clip04.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E13\COME-KVIP-213-EP.clip01.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E13\COME-KVIP-213-EP.clip02.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E13\COME-KVIP-213-EP.clip03.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\PROM\[??][A??][????][01-32][TVRIP-RMVB]\Keys to the VIP Season 2 Complete\Keys to the VIP - S02E13\COME-KVIP-213-EP.clip04.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 10 DISTRIBUTED QUERIES (18 min)\2. Executing Distributed Queries.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\0. Introduction.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\1. Introducing T-SQL.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\10. Working with a Cursor.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\11. Handling Errors.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\12. Explaining the Raise Error.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\13. Controlling Transactions.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\2. Working with Variables.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\3. Controlling Procedural Flow.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\4. Examining SQL Server with Code.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\5. Using Temp Tables.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\6. Developing Dynamic SQL.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\7. Introducing Stored Procedures.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\8. Passing Parameters.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 12 T-SQL & STORED PROCEDURES (68 min)\9. Returning Parameters.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 13 TRIGGERS & AUDIT TRAILS (31 min)\0. Introduction.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 13 TRIGGERS & AUDIT TRAILS (31 min)\1. Introducing After Triggers.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 13 TRIGGERS & AUDIT TRAILS (31 min)\2. Using Instead of Trigger.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 13 TRIGGERS & AUDIT TRAILS (31 min)\3. Disabling Triggers.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 13 TRIGGERS & AUDIT TRAILS (31 min)\4. Using the Update ( ) Function.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 13 TRIGGERS & AUDIT TRAILS (31 min)\5. Selecting Transaction Data.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 13 TRIGGERS & AUDIT TRAILS (31 min)\6. Nesting & Recursion.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 13 TRIGGERS & AUDIT TRAILS (31 min)\7. Enforcing Complex RI.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 13 TRIGGERS & AUDIT TRAILS (31 min)\8. Auditing Data Changes.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 14 USER-DEFINED FUNCTIONS (27 min)\0. Introduction.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 14 USER-DEFINED FUNCTIONS (27 min)\1. Creating Scalar Functions.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 14 USER-DEFINED FUNCTIONS (27 min)\2. Working with Inline Table-Valued Functions.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 14 USER-DEFINED FUNCTIONS (27 min)\3. Using Multi-Statement Table-Valued UDFs.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 14 USER-DEFINED FUNCTIONS (27 min)\4. Navigating a Hierarchy.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 14 USER-DEFINED FUNCTIONS (27 min)\5. Having Fun with Apply.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 14 USER-DEFINED FUNCTIONS (27 min)\6. Exploring Functions in Nordic.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 15 INDEXING FOR PERFORMANCE (31 min)\0. Introduction.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 15 INDEXING FOR PERFORMANCE (31 min)\1. Introducing Indexes.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 15 INDEXING FOR PERFORMANCE (31 min)\2. Creating Indexes.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 15 INDEXING FOR PERFORMANCE (31 min)\3. Examinging Query Execution Plans, Pt. 1.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 15 INDEXING FOR PERFORMANCE (31 min)\4. Examinging Query Execution Plans, Pt. 2.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 16 TRANSACTIONS, LOCKING & BLOCKING (33 min)\0 Introduction.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 16 TRANSACTIONS, LOCKING & BLOCKING (33 min)\1. Introducing ACID.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 16 TRANSACTIONS, LOCKING & BLOCKING (33 min)\3. Stepping through a Transaction.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 16 TRANSACTIONS, LOCKING & BLOCKING (33 min)\4. Exploring Locks.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 17 INTRODUCTION TO OPTIMIZATION THEORY (21 min)\0. Introduction.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\1. Understanding Query Flow.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\10. Sorting Data.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\11. Topping Off the Query with Predicates.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\2. Filtering Data with the Where Clause.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\3. Columns, Expressions & Scalar Functions.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\4. Using Case Expressions.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\5. Working with Nulls & Coalesce.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\6. Selecting Environment Functions.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\7. Working with Dates & Times.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\8. Parsing Strings.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\master\Desktop\TOTAL.TRAINING.ONLINE.MICROSOFT.SQL.SERVER.DEVELOPMENT-HELL\Lesson 4 WORKING WITH SINGLE TABLE QUERIES(42 min)\9. Converting Data.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Public\Videos\Sample Videos\Bear.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Public\Videos\Sample Videos\Butterfly.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Users\Public\Videos\Sample Videos\Lake.wmv a variant of WMA/TrojanDownloader.GetCodec.gen trojan

DDS (Ver_09-07-30.01) - NTFSx86
Run by master at 11:03:05.82 on Sun 09/06/2009
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1043 [GMT -7:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\p2phost.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Microsoft SQL Server\MSAS10.SS2K8\OLAP\bin\msmdsrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Microsoft SQL Server\MSRS10.SS2K8\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\fdlauncher.exe
C:\Microsoft SQL Server\MSSQL10.SS2K8\MSSQL\Binn\fdhost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\master\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
{7febefe3-6b19-4349-98d2-ffb09d4b49ca}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StopMessengerSpam] c:\program files\stopmessengerspam\StopMessengerSpam.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\master\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\morpheus.lnk - c:\program files\morpheus\Morpheus.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\VONGOT~1.LNK -
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: multnomah.or.us\robin.co
DPF: {00000130-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/ACELPACM.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://stoogetv.com/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\dap\dapie.dll

============= SERVICES / DRIVERS ===============

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-16 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-16 41424]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2008-11-24 203616]
R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
R2 MSOLAP$SS2K8;SQL Server Analysis Services (SS2K8);c:\microsoft sql server\msas10.ss2k8\olap\bin\msmdsrv.exe [2008-7-10 21945368]
R2 MSSQL$SS2K8;SQL Server (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\sqlservr.exe [2008-7-10 40999448]
R2 ReportServer$SS2K8;SQL Server Reporting Services (SS2K8);c:\microsoft sql server\msrs10.ss2k8\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R3 MSSQLFDLauncher$SS2K8;SQL Full-text Filter Daemon Launcher (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\fdlauncher.exe [2008-7-10 31256]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-5 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-8-5 99472]
S3 SQLAgent$SS2K8;SQL Server Agent (SS2K8);c:\microsoft sql server\mssql10.ss2k8\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2009-09-06 09:31 <DIR> --d----- c:\program files\ESET
2009-09-05 17:09 <DIR> --d----- c:\windows\system32\Adobe
2009-09-05 17:04 <DIR> --d----- c:\users\master\appdata\roaming\Foxit
2009-09-05 17:04 <DIR> --d----- c:\program files\Foxit Software
2009-09-05 16:41 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-05 12:49 230,912 a------- c:\windows\PEV.exe
2009-09-01 20:56 <DIR> --d----- C:\9467e9abe9c02ab9d0bab1c6d4
2009-08-27 18:55 <DIR> --d----- C:\hijackthis_sfx
2009-08-22 12:15 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-08-22 12:14 <DIR> --d----- c:\program files\MSECache
2009-08-18 00:33 <DIR> --d----- c:\windows\system32\WinNTDlls
2009-08-18 00:33 <DIR> --d----- c:\windows\system32\Win98Dlls
2009-08-18 00:33 <DIR> --d----- c:\program files\Microsoft Press Training Kit Exam Prep
2009-08-16 13:55 <DIR> --d----- c:\users\master\.VirtualBox
2009-08-16 13:53 115,856 a------- c:\windows\system32\drivers\VBoxDrv.sys
2009-08-16 13:53 41,424 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-08-16 13:53 <DIR> --d----- c:\program files\Sun
2009-08-11 14:00 <DIR> --d----- c:\programdata\Tencent
2009-08-11 14:00 <DIR> --d----- c:\progra~2\Tencent
2009-08-11 14:00 <DIR> --d----- c:\users\master\appdata\roaming\Tencent
2009-08-11 14:00 <DIR> --d----- C:\Download
2009-08-11 14:00 <DIR> --d----- c:\program files\Tencent
2009-08-11 00:18 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-08-11 00:13 3,786,760 a------- c:\windows\system32\D3DX9_37.dll
2009-08-11 00:13 1,420,824 a------- c:\windows\system32\D3DCompiler_37.dll
2009-08-11 00:13 462,864 a------- c:\windows\system32\d3dx10_37.dll
2009-08-11 00:13 81,768 a------- c:\windows\system32\xinput1_3.dll
2009-08-11 00:12 <DIR> --d----- c:\windows\system32\xlive
2009-08-11 00:12 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-08-10 00:09 <DIR> --d----- c:\windows\system32\directx

==================== Find3M ====================

2009-09-06 10:14 55,302 a------- c:\programdata\nvModes.dat
2009-09-06 10:14 55,302 a------- c:\progra~2\nvModes.dat
2009-09-05 17:22 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-05 14:59 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-05 14:59 51,200 a------- c:\windows\inf\infpub.dat
2009-08-16 14:01 86,016 a------- c:\windows\inf\infstor.dat
2009-08-05 16:20 133,648 a------- c:\windows\system32\VBoxNetFltNotify.dll
2009-08-05 16:20 99,472 a------- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-08-05 16:20 91,472 a------- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-06-19 01:48 54,318 a------- c:\users\master\appdata\roaming\nvModes.dat
2009-06-16 08:46 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-23 21:53 56 a---h--- c:\programdata\ezsidmv.dat
2009-04-23 21:53 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-25 20:15 174 a--sh--- c:\program files\desktop.ini
2008-06-09 21:55 691 a------- c:\users\master\appdata\roaming\GetValue.vbs
2008-06-09 21:55 35 a------- c:\users\master\appdata\roaming\SetValue.bat
2008-06-05 18:24 47 a------- c:\users\master\readme.bat
2008-05-24 02:51 262,144 a------- c:\progra~2\ntuser.dat
2008-05-23 00:30 120 a------- c:\program files\Program Files.ini
2008-03-10 14:37 32 a------- c:\programdata\ezsid.dat
2008-03-10 14:37 32 a------- c:\progra~2\ezsid.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-03-04 18:47 262,144 a------- c:\program files\unst0_0.exe

============= FINISH: 11:03:46.58 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2008 3:43:06 PM
System Uptime: 9/5/2009 10:21:58 PM (13 hours ago)

Motherboard: Quanta | | 30D2
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 5.987 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP795: 9/5/2009 4:31:42 PM - ComboFix created restore point
RP796: 9/5/2009 5:05:33 PM - Removed Adobe Reader 8.1.2
RP797: 9/5/2009 5:10:55 PM - Removed Java(TM) 6 Update 2
RP798: 9/5/2009 5:11:47 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP799: 9/5/2009 5:12:24 PM - Removed Java(TM) 6 Update 7
RP800: 9/5/2009 5:21:53 PM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

µTorrent
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player
Adobe Shockwave Player 11.5
AdventureWorksDB
Aero SWF.max 1.5.840
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Cards_Calendar_OrderGift_DoMorePlugout
Choice Guard
Combined Community Codec Pack 2008-01-24
DAEMON Tools Toolbar
DivX Codec
Download Accelerator Plus (DAP)
ESET Online Scanner v3
ESU for Microsoft Vista
Foxit Reader
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential 2.5
HP Product Detection
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP Total Care Advisor
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
Intel® Matrix Storage Manager
IrfanView (remove only)
Java(TM) 6 Update 16
Junk Mail filter update
LightScribe System Software 1.10.13.1
LimeWire 4.18.8
LiveUpdate (Symantec Corporation)
Magic ISO Maker v5.4 (build 0256)
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Press Training Kit Exam Prep Suite 70-432
Microsoft Silverlight
Microsoft SQL Server 2000 Reporting Services Standard Edition
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Analysis Services
Microsoft SQL Server 2005 Backward compatibility
Microsoft SQL Server 2005 Books Online (English)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Integration Services
Microsoft SQL Server 2005 Notification Services
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Analysis Services
Microsoft SQL Server 2008 BI Development Studio
Microsoft SQL Server 2008 Books Online (August 2008)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Client Tools
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Full text search
Microsoft SQL Server 2008 Integration Services
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 Reporting Services
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.1
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 (x86)
Microsoft Sync Services for ADO.NET v2.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft XML Parser
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
Move Networks Media Player for Internet Explorer
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.1
Nero 8 Trial
neroxml
NVIDIA Drivers
Oracle DBA Complete Video Course
Power2Go
PSSWCORE
QuickPlay SlingPlayer 0.4.4
QuickTime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Service Pack 2 for SQL Server Analysis Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Database Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Integration Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Notification Services 2005 ENU (KB921896)
Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896)
Slingbox Flash Tour
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SQLXML4
Starcraft
Stop Messenger Spam 1.0
Sun xVM VirtualBox
SupportSoft Assisted Service
Synaptics Pointing Device Driver
uCeritify M70-444 - Optimizing and Maintaing a Database Administration Solution Using Microsoft SQL Server 2005
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb970012)
VCRedistSetup
VideoToolkit01
Viewpoint Media Player
Visual CertExam Suite 1.9
VobSub v2.23 (Remove Only)
WeatherBug Gadget
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Xvid 1.1.3 final uninstall

==== Event Viewer Messages From Past Week ========

9/6/2009 10:59:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect.
9/6/2009 1:30:13 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user master-PC\master SID (S-1-5-21-3741081481-2426508949-2978702852-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/6/2009 1:30:13 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {682159D9-C321-47CA-B3F1-30E36B2EC8B9} to the user master-PC\master SID (S-1-5-21-3741081481-2426508949-2978702852-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/5/2009 8:30:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.15.3 for the Network Card with network address 001B24F99180 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
9/5/2009 8:27:50 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001B24F99180 has been denied by the DHCP server 192.168.15.1 (The DHCP Server sent a DHCPNACK message).
9/5/2009 523 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
9/5/2009 523 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2009 523 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/5/2009 4:39:51 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/5/2009 4:39:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PEVSystemStart service to connect.
9/5/2009 4:32:18 PM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/5/2009 2:15:58 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/5/2009 10:41:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/5/2009 10:24:55 PM, Error: Service Control Manager [7001] - The QuickPlay Task Scheduler (QTS) service depends on the QuickPlay Background Capture Service (QBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/5/2009 10:24:54 PM, Error: Service Control Manager [7022] - The QuickPlay Background Capture Service (QBCS) service hung on starting.
9/5/2009 10:23:58 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/5/2009 1:38:13 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001DE0401989 has been denied by the DHCP server 169.254.122.188 (The DHCP Server sent a DHCPNACK message).
8/30/2009 10:31:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001DE0401989 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/30/2009 10:30:34 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001B24F99180. The following error occurred: Element not found.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================
escaleraroyal is offline  
Old 09-06-2009, 01:18 PM   #8
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



Hi,

Show hidden files (Vista)
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.

Delete following files if found:
C:\Program Files\Morpheus\morpheustoolbar.exe
C:\Users\master\AppData\Local\VirtualStore\Windows\System32\phc5qtj0e7nr.bmp
C:\Users\master\AppData\Local\VirtualStore\Windows\System32\winvax32.rom

Quote:
Another issue is my internet search speed is slower now after I used Combofix.
That may also be because of the temporary item cleaning there (browser cache included).

Your hard drive seems to be pretty full. Have you defragged it lately?
Blade81 is offline  
Old 09-06-2009, 02:35 PM   #9
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



Yeah, my HD is almost full and I defragmented it a month ago. I have a 250 GB one.
escaleraroyal is offline  
Old 09-07-2009, 12:05 AM   #10
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



It's recommended to defrag the hard drive then. Still issues left?
Blade81 is offline  
Old 09-07-2009, 09:49 AM   #11
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



OK, I finished defragmenting. But it says my computer doesn't need to.

IE is taking longer to open; that's the issue I'm still concerned about. Do you think Combofix messed up my browser?
escaleraroyal is offline  
Old 09-07-2009, 10:39 AM   #12
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



Quote:
OK, I finished defragmenting. But it says my computer doesn't need to.
Sometimes it's still recommended to defrag even if the OS says it's not needed. Actually, for defragging I'd use a 3rd party solution. Good commercial ones are PerfectDisk and Diskeeper. Of the free options I recommend JkDefrag.

Quote:
IE is taking longer to open; that's the issue I'm still concerned about. Do you think Combofix messed up my browser?
No, I don't think ComboFix is responsible. Could you try to install IE 8 to see if it works better? Also, a fragmented drive can cause programs to open slower.
Blade81 is offline  
Old 09-08-2009, 05:59 PM   #13
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



Defragmented with JkDefrag. PC seems to be good now. Thank you so much, Blade81.
escaleraroyal is offline  
Old 09-08-2009, 10:56 PM   #14
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



Good. Time for the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the steps you took when disabling System Restore, but on step 6, check any checkboxes listed for your hard drives.


Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here.
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
    Antivir
    Avast!
    Good commercial ones are from:
    Kaspersky and
    ESET
  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (if you choose Comodo: uncheck during installation "Install Comodo HopSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and install the firewall ONLY!). Both providers have support forums that help with configuration related questions.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit https://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade
Blade81 is offline  
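As an added example (not from the thread or its author), a PowerShell script that audits the Internet-zone settings listed in the post above against the recommended values, reading the per-user zone key in the registry; the numeric value IDs are assumed from Microsoft's documentation of the Internet Settings zones, and -Apply writes the recommended values.

```powershell
# Audit (and optionally apply) the Internet-zone settings recommended in the post above.
# Added example, not part of the original thread. Value IDs are assumed from Microsoft's
# documentation of the Internet Settings zone keys; zone 3 is the Internet zone.
# Run as the user whose IE profile you want to check; add -Apply to write the recommended values.
# Caveat: values set by Group Policy (HKLM or the Policies hive) override what is read here.
param([switch]$Apply)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Value ID -> (description from the post, recommended setting). 0 = Enable, 1 = Prompt, 3 = Disable.
$recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$current = Get-ItemProperty -Path $zonePath
foreach ($id in $recommended.Keys) {
    $entry = $recommended[$id]
    $value = $current.$id

    # Translate the raw DWORD into the wording IE shows in the Custom Level dialog.
    $have = if ($null -eq $value) { 'not set' }
            elseif ($label.ContainsKey([int]$value)) { $label[[int]$value] }
            else { "raw $value" }

    # A missing value counts as needing a fix, since we cannot confirm it is restrictive.
    $status = if ($null -ne $value -and [int]$value -eq $entry.Want) { 'OK ' } else { 'FIX' }
    '{0} {1,-62} current: {2,-8} recommended: {3}' -f $status, $entry.Name, $have, $label[$entry.Want]

    if ($Apply -and $status -eq 'FIX') {
        Set-ItemProperty -Path $zonePath -Name $id -Value $entry.Want -Type DWord
    }
}
```

Running it without -Apply only reports; rerun afterwards to confirm every line shows OK.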
Old 09-11-2009, 07:14 PM   #15
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



I got an error when I typed in Combofix /u. Can't find the path.

I don't like to use a firewall and antivirus. I don't like IE8 because it crashes.

Thanks. No problems so far.
escaleraroyal is offline  
Old 09-12-2009, 01:10 AM   #16
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



Quote:
I got an error when I typed in Combofix /u. Can't find the path.
Do you still have c:\qoobox or c:\ComboFix folder there after OTC run?

Quote:
I don't like to use a firewall and antivirus.
If you don't install these, then better not post here if the system gets infected again. That's namely your own fault if you don't want to keep the system more secure.
Blade81 is offline  
Old 09-12-2009, 10:23 PM   #17
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



OK, I just installed Avast antivirus. The reason I don't install antivirus and a firewall is because they slow down my PC. That's the only reason.
escaleraroyal is offline  
Old 09-13-2009, 02:21 AM   #18
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



Modern computing contains so many malware threats that a system without up-to-date antivirus protection is like playing with fire. Avast is a good choice :)

So, guess we're ready here?
Blade81 is offline  
Old 09-13-2009, 11:23 PM   #19
Registered Member
 
Join Date: Nov 2007
Posts: 26
OS: p4



Yeah, thanks. Everything is OK now.
escaleraroyal is offline  
Old 09-14-2009, 03:38 AM   #20
Security Team
Analyst
 
Join Date: Jun 2008
Location: Finland
Posts: 1,454
OS: Win7 64-bit, Win8.1 64-bit



You're welcome :)
Blade81 is offline  
 
