Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
Malware On my computer (help please) [Solved]
Essexboy
post Nov 15 2009, 09:30 AM
Post #91


GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Once you have done the IceSword, could you try the following please - we now have several people working on this.

I would suggest opening an elevated command prompt and having the user paste in the following line.

copy c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys C:\

Verify it returns 1 file copied.

Then paste in:

echo ren c:\windows\System32\drivers\atapi.sys atapi.sys.vir>C:\atapi.bat
echo copy c:\atapi.sys c:\windows\System32\drivers>>C:\atapi.bat


Do an F8 restart and select Repair your computer, or boot with Vista dvd and click Repair your computer at the Install screen, then select Command Prompt from the list of System Recovery tools.
At the X:\sources> prompt, type:

c:\atapi.bat

Again, it should return 1 file copied.
Type exit to restart.
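The procedure above replaces the live c:\windows\System32\drivers\atapi.sys with the copy Windows keeps in the DriverStore, and it has to be done from the System Recovery command prompt because atapi.sys is a boot-start driver that is loaded and locked in the running session. What the post does not show is how to confirm that the two copies actually differ before the swap, and that they match afterwards. The following PowerShell script is an added example written for this thread, not something Essexboy or the ComboFix/IceSword authors supplied. It takes the two paths exactly as they appear in the post (the DriverStore folder name mshdc.inf_7f3e4ed9 is specific to this machine; on another box the folder suffix will differ), hashes both files, and reports the Authenticode status of the live driver. It only reads files; it changes nothing, so it is safe to run from an elevated PowerShell prompt both before the repair and after the reboot.

```powershell
# Added example (not from the thread): read-only integrity comparison of the
# live atapi.sys against the DriverStore copy referenced in the post above.
# Assumption: the two paths below are the ones from the thread; adjust the
# DriverStore folder suffix (mshdc.inf_<hash>) to match your own machine.
# Uses .NET hashing rather than Get-FileHash so it also runs on the
# PowerShell 2.0 that shipped for Vista-era systems.

$driverStoreCopy = 'C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys'
$liveDriver      = 'C:\Windows\System32\drivers\atapi.sys'

function Get-Sha256Hex {
    param([string]$Path)
    # Read the whole file (a driver this size is ~20 KB) and hash it with SHA-256.
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    try {
        $digest = $sha.ComputeHash($bytes)
    } finally {
        $sha.Clear()   # releases the hash object's resources on every .NET version
    }
    return ([System.BitConverter]::ToString($digest)).Replace('-', '')
}

function Test-DriverIntegrity {
    param([string]$Reference, [string]$Candidate)

    foreach ($p in @($Reference, $Candidate)) {
        if (-not (Test-Path -LiteralPath $p)) { throw "Missing file: $p" }
    }

    $refItem  = Get-Item -LiteralPath $Reference
    $candItem = Get-Item -LiteralPath $Candidate
    $refHash  = Get-Sha256Hex -Path $Reference
    $candHash = Get-Sha256Hex -Path $Candidate

    # Caveat: inbox Windows drivers are catalog-signed, not embedded-signed, so
    # older PowerShell builds report them as NotSigned even when they are clean.
    # The hash comparison against the DriverStore copy is the primary signal;
    # the signature status is only a secondary one.
    $sig    = Get-AuthenticodeSignature -FilePath $Candidate
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    return New-Object PSObject -Property @{
        ReferencePath   = $Reference
        CandidatePath   = $Candidate
        ReferenceSize   = $refItem.Length
        CandidateSize   = $candItem.Length
        ReferenceSHA256 = $refHash
        CandidateSHA256 = $candHash
        HashesMatch     = ($refHash -eq $candHash)
        SignatureStatus = $sig.Status.ToString()
        Signer          = $signer
    }
}

# Usage: run before the recovery-console repair (expect HashesMatch = False if the
# live driver has been modified) and again after the reboot (expect True).
Test-DriverIntegrity -Reference $driverStoreCopy -Candidate $liveDriver | Format-List
```

A size mismatch alone is already a strong hint: the ComboFix log posted later in this thread lists the DriverStore-derived C:\atapi.sys at 21560 bytes, so a live driver of a different length is worth a second look even before comparing hashes. Keep the script's output from both runs in the thread reply, since the before/after pair is what shows the repair took effect.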
onkaloonka
post Nov 15 2009, 10:02 AM
Post #92


Member
Posts: 57
From: USA :)
OS: Vista home premium



When I run IceSword it says initialization failed[1]
onkaloonka
post Nov 15 2009, 10:11 AM
Post #93


Member
Posts: 57
From: USA :)
OS: Vista home premium



I did the command prompt thing.

Here is what appeared on normal:

Microsoft Windows [Version 6.0.6001]
Copyright © 2006 Microsoft Corporation. All rights reserved.

C:\Windows\system32>copy c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys C:\
1 file(s) copied.

C:\Windows\system32>echo ren c:\windows\System32\drivers\atapi.sys atapi.sys.vir>C:\atapi.bat

C:\Windows\system32>echo copy c:\atapi.sys c:\windows\System32\drivers>>C:\atapi.bat


C:\Windows\system32>
C:\Windows\system32>
C:\Windows\system32>


Edit: It also said 1 file(s) copied when I did it under repair computer

This post has been edited by onkaloonka: Nov 15 2009, 10:23 AM
Essexboy
post Nov 15 2009, 10:50 AM
Post #94


GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Thank you. OK, could you now re-run ComboFix.

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
MBR::


3. Then in the text file go to FILE > SAVE AS and in the SAVE AS TYPE dropdown box select ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • ComboFix.txt
onkaloonka
post Nov 15 2009, 11:48 AM
Post #95


Member
Posts: 57
From: USA :)
OS: Vista home premium



ComboFix 09-11-15.01 - Bluhm Bros 11/15/2009 12:18.7.2 - FAT32x86
Running from: c:\users\Bluhm Bros\Desktop\Gotcha.exe
Command switches used :: c:\users\Bluhm Bros\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.

2009-11-15 17:34 . 2009-11-15 17:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-15 17:34 . 2009-11-15 17:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-15 17:34 . 2009-11-15 17:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-11-15 17:34 . 2009-11-15 17:34 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Local\temp
2009-11-15 16:09 . 2009-11-15 16:09 104 ----a-w- C:\atapi.bat
2009-11-15 16:09 . 2008-10-28 12:53 21560 ----a-w- C:\atapi.sys
2009-11-15 12:09 . 2009-11-15 17:37 4096 d-----w- c:\users\Bluhm Bros\AppData\Local\temp
2009-11-14 21:51 . 2009-11-14 21:51 -------- d-----w- c:\users\Bluhm Bros\OLD MEMORY VIDS
2009-11-14 18:30 . 2009-11-14 18:32 4096 d-----w- c:\users\Bluhm Bros\Fonts
2009-11-13 02:03 . 2003-03-16 04:15 90112 ----a-w- c:\windows\unvise32.exe
2009-11-13 02:03 . 2009-11-13 02:03 -------- d-----w- c:\program files\CycoreFX HD Files
2009-11-13 01:30 . 2009-11-13 01:30 -------- d-----w- c:\users\Public\resources
2009-11-13 01:30 . 2009-11-13 01:30 -------- d-----w- c:\users\Public\redist
2009-11-13 01:29 . 2009-11-13 01:30 -------- d-----w- c:\users\Public\payloads
2009-11-13 01:29 . 2009-11-13 01:29 -------- d-----w- c:\users\Public\deployment
2009-11-13 01:26 . 2009-11-13 01:26 4096 d-----w- c:\program files\MagicISO
2009-11-12 00:59 . 2009-11-12 00:59 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\Publish Providers
2009-11-12 00:56 . 2009-11-12 00:58 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\Sony
2009-11-12 00:42 . 2009-11-12 00:42 -------- d-----w- c:\programdata\Sony
2009-11-12 00:42 . 2009-11-12 00:42 -------- d-----w- c:\program files\Sony
2009-11-11 17:55 . 2009-11-11 17:55 -------- d-----w- c:\users\Public\_bichogothic - Copy
2009-11-11 04:43 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 04:43 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-10 00:39 . 2009-11-10 00:39 -------- d-----w- c:\users\Bluhm Bros\.jagex_cache_32
2009-11-10 00:14 . 2009-11-10 00:15 24153328 ----a-w- C:\sp39535.exe
2009-11-08 15:05 . 2009-11-14 17:36 82171936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-08 14:47 . 2009-11-08 14:47 -------- d-----w- c:\programdata\is-E1QGD
2009-11-08 14:21 . 2009-11-08 14:21 -------- d-----w- c:\programdata\is-QU5LL
2009-11-08 14:01 . 2009-11-08 14:01 -------- d-----w- c:\programdata\is-0H2RB
2009-11-08 12:51 . 2009-11-08 12:51 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\Malwarebytes
2009-11-08 12:03 . 2009-11-08 12:03 77312 ----a-w- C:\mbr.exe
2009-11-07 20:16 . 2009-11-07 20:16 -------- d-----w- C:\_OTL
2009-11-07 17:56 . 2009-11-07 17:56 4096 d-----w- c:\program files\PC Doc Pro v5
2009-11-07 17:56 . 2009-01-31 08:59 23552 ----a-w- c:\windows\system32\drivers\dfg.sys
2009-11-07 13:33 . 2009-11-15 14:36 63 ----a-w- c:\users\Bluhm Bros\jagex_runescape_preferences2.dat
2009-11-07 13:31 . 2009-11-15 15:58 38 ----a-w- c:\users\Bluhm Bros\jagex_runescape_preferences.dat
2009-11-07 13:31 . 2009-11-07 13:34 -------- d-----w- C:\.jagex_cache_32
2009-11-07 13:19 . 2009-11-07 13:19 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\Malwarebytes
2009-11-07 13:19 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 13:19 . 2009-11-08 12:51 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 13:19 . 2009-11-07 13:19 -------- d-----w- c:\programdata\Malwarebytes
2009-11-07 13:19 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 22:07 . 2009-11-05 22:18 37176 ----a-w- c:\users\Bluhm Bros\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-06 21:11 . 2009-11-06 21:11 4096 d-----w- c:\program files\Adobe Media Player
2009-11-06 21:09 . 2009-11-06 21:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-05 08:38 . 2009-11-05 08:38 4096 d-----w- c:\program files\LogMeIn Hamachi
2009-11-01 13:24 . 2009-11-01 13:24 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\TortoiseSVN
2009-10-31 19:25 . 2009-10-31 19:25 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\AVG8
2009-10-31 19:21 . 2009-10-31 19:21 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\Simply Super Software
2009-10-31 19:15 . 2009-11-07 12:48 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\SEGA
2009-10-31 19:09 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-31 19:09 . 2009-10-31 19:09 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-31 19:09 . 2009-10-31 19:09 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-31 19:09 . 2009-10-31 19:09 554280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-31 19:09 . 2009-10-31 19:09 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-31 19:09 . 2009-10-31 19:09 212480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-31 19:09 . 2009-10-31 19:09 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-31 19:09 . 2009-10-31 19:09 1223976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-31 19:09 . 2009-10-31 19:09 242984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-31 19:07 . 2009-10-31 19:07 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-31 19:07 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-31 19:01 . 2009-10-31 19:01 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-10-29 19:36 . 2009-11-12 00:56 -------- d-----w- c:\users\Bluhm Bros\AppData\Local\Sony
2009-10-29 11:05 . 2009-10-29 11:05 -------- d-----w- c:\programdata\FLEXnet
2009-10-29 01:21 . 2009-10-29 01:21 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-10-29 00:45 . 2009-10-29 00:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-29 00:44 . 2009-10-31 19:05 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\DAEMON Tools Lite
2009-10-29 00:27 . 2009-10-29 00:31 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\Vso
2009-10-29 00:26 . 2009-10-29 00:26 94208 ----a-w- c:\windows\system32\drivers\ezplay.sys
2009-10-29 00:26 . 2009-10-29 00:26 94208 ----a-w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\ezplay.sys
2009-10-29 00:24 . 2009-10-29 00:27 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\Vso
2009-10-29 00:24 . 2009-10-29 00:24 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-10-29 00:24 . 2009-10-29 00:24 47360 ----a-w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\pcouffin.sys
2009-10-29 00:24 . 2009-10-29 00:24 -------- d-----w- c:\program files\VSO
2009-10-28 23:43 . 2008-07-10 17:56 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-10-28 23:43 . 2009-10-28 23:43 -------- d-----w- c:\windows\system32\QuickTime
2009-10-28 23:42 . 2009-10-28 23:42 -------- d-----w- c:\programdata\TechSmith
2009-10-28 23:41 . 2009-10-28 23:41 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-10-28 23:41 . 2009-10-28 23:41 -------- d-----w- c:\program files\TechSmith
2009-10-28 07:06 . 2009-10-28 07:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-27 20:20 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 20:20 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 19:44 . 2009-10-26 19:44 -------- d-----w- c:\program files\Microsoft
2009-10-26 19:44 . 2009-10-26 19:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-26 19:44 . 2009-10-26 19:44 -------- d-----w- c:\program files\Windows Live
2009-10-26 19:22 . 2009-10-26 19:22 -------- d-----w- c:\program files\Common Files\Windows Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 17:36 . 2009-03-14 01:27 720 ----a-w- c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-11-15 17:36 . 2009-10-11 15:42 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-11-15 17:10 . 2009-06-11 17:36 4096 d-----w- c:\users\Bluhm Bros\AppData\Roaming\Skype
2009-11-15 17:10 . 2009-06-23 11:49 12288 d-----w- c:\users\Bluhm Bros\AppData\Roaming\skypePM
2009-11-15 17:10 . 2009-10-04 01:37 8192 d-----w- c:\users\Bluhm Bros\AppData\Roaming\uTorrent
2009-11-14 23:00 . 2009-04-01 11:28 8268 ----a-w- c:\users\Bluhm Bros\AppData\Local\d3d9caps.dat
2009-11-14 18:33 . 2009-03-06 20:31 82256 ----a-w- c:\users\Bluhm Bros\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-14 17:36 . 2009-11-08 15:05 965072 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-14 15:39 . 2009-10-14 19:31 3930773 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-11-14 01:22 . 2009-03-07 12:57 112700 ----a-w- c:\programdata\nvModes.dat
2009-11-11 17:51 . 2009-03-14 01:18 -------- d-----w- c:\programdata\Kodak
2009-11-11 17:50 . 2009-03-14 01:22 -------- d-----w- c:\program files\Kodak
2009-11-11 08:18 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 08:03 . 2008-10-28 13:35 8192 d-----w- c:\programdata\Microsoft Help
2009-11-10 00:16 . 2009-01-09 01:09 -------- d-----w- c:\programdata\NVIDIA
2009-11-07 20:16 . 2009-07-01 13:20 12288 d-----w- c:\program files\Common Files\Akamai
2009-11-07 17:56 . 2009-04-07 00:21 81448 ----a-w- c:\users\Administrator.BluhmBros-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-07 13:12 . 2008-10-28 12:09 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-06 22:00 . 2008-10-28 12:32 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-06 21:54 . 2009-07-07 12:53 12288 d-----w- c:\program files\Warcraft III
2009-11-06 21:13 . 2008-10-28 13:42 8192 d-----w- c:\program files\Common Files\Adobe
2009-11-06 12:30 . 2009-11-06 12:32 3547648 ----a-w- c:\windows\Internet Logs\xDBDF58.tmp
2009-11-06 12:30 . 2009-11-06 12:32 1533440 ----a-w- c:\windows\Internet Logs\xDBE091.tmp
2009-11-03 21:06 . 2008-10-28 13:43 4096 d-----w- c:\programdata\CyberLink
2009-11-03 20:42 . 2009-03-19 01:17 4096 d-----w- c:\users\Bluhm Bros\AppData\Roaming\CyberLink
2009-11-03 20:31 . 2008-10-28 13:43 4096 d-----w- c:\program files\CyberLink
2009-11-03 12:36 . 2008-10-28 13:47 36864 ----a-w- c:\programdata\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2009-11-03 01:42 . 2009-10-02 23:59 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 19:37 . 2009-04-03 01:07 -------- d-----w- c:\program files\Common Files\AOL
2009-10-31 19:09 . 2009-07-13 12:29 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-10-31 19:09 . 2009-07-06 12:24 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-10-31 19:09 . 2009-05-30 12:01 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-31 19:09 . 2009-07-06 12:24 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-10-31 19:09 . 2009-07-06 12:24 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-10-31 19:09 . 2009-07-06 12:24 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-10-31 19:09 . 2009-07-13 12:29 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-10-31 19:08 . 2009-07-06 12:24 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-31 19:08 . 2009-07-13 12:29 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-10-31 19:08 . 2009-07-06 12:22 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-10-31 19:08 . 2009-07-06 12:22 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-10-31 19:08 . 2009-09-21 12:01 640608 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-10-31 19:08 . 2009-07-06 12:21 815760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-10-31 19:08 . 2009-07-06 12:21 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-10-31 19:08 . 2009-07-06 12:20 1638104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-31 19:08 . 2009-07-06 12:19 788368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-10-31 19:08 . 2009-07-06 12:19 1179232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-31 11:49 . 2009-10-31 12:02 1494528 ----a-w- c:\windows\Internet Logs\xDB5246.tmp
2009-10-29 00:52 . 2009-09-19 00:35 8192 d-----w- c:\users\Bluhm Bros\AppData\Roaming\FrostWire
2009-10-28 07:33 . 2008-10-28 13:55 4096 d-----w- c:\program files\Microsoft Silverlight
2009-10-28 07:32 . 2009-10-28 07:34 1494016 ----a-w- c:\windows\Internet Logs\xDB6684.tmp
2009-10-28 07:12 . 2008-10-28 13:23 28672 d-----w- c:\program files\Microsoft Works
2009-10-16 00:51 . 2009-10-16 00:51 0 ----a-w- c:\users\Bluhm Bros\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-10-14 19:05 . 2009-10-14 19:05 -------- d-----w- c:\program files\Linksys EasyLink Advisor
2009-10-14 19:05 . 2009-03-11 15:12 -------- d--ha-w- c:\programdata\Gtek
2009-10-13 01:32 . 2009-07-02 20:04 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\gtk-2.0
2009-10-13 01:24 . 2009-10-13 01:24 -------- d-----w- c:\program files\Conduit
2009-10-13 01:12 . 2009-10-13 01:12 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\AVS4YOU
2009-10-13 01:12 . 2009-10-13 01:12 -------- d-----w- c:\programdata\AVS4YOU
2009-10-13 01:11 . 2009-10-13 01:10 4096 d-----w- c:\program files\AVS4YOU
2009-10-13 01:11 . 2009-10-13 01:10 4096 d-----w- c:\program files\Common Files\AVSMedia
2009-10-12 19:40 . 2009-10-10 18:21 4096 d-----w- c:\users\Bluhm Bros\AppData\Roaming\DJJava
2009-10-11 15:47 . 2009-09-18 22:55 -------- d-----w- c:\program files\AskBarDis
2009-10-11 15:43 . 2009-10-11 15:43 -------- d-----w- c:\program files\Zone Labs
2009-10-11 15:41 . 2009-10-11 15:41 -------- d-----w- c:\programdata\CheckPoint
2009-10-10 23:27 . 2009-10-10 23:27 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\JGsoft
2009-10-10 23:27 . 2009-10-10 23:27 -------- d-----w- c:\program files\JGsoft
2009-10-10 23:18 . 2009-10-10 23:18 -------- d-----w- c:\program files\SIL
2009-10-10 23:18 . 2009-10-10 23:18 -------- d-----w- c:\program files\Common Files\SIL
2009-10-10 23:18 . 2009-10-10 23:18 -------- d-----w- c:\programdata\SIL
2009-10-10 17:56 . 2009-10-10 17:56 4096 d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\DJJava
2009-10-10 17:56 . 2009-10-10 17:55 -------- d-----w- c:\programdata\Protexis
2009-10-10 17:54 . 2009-10-10 17:54 4096 d-----w- c:\program files\decomp
2009-10-10 16:17 . 2009-10-10 16:17 -------- d-----w- c:\users\Bluhm Bros\AppData\Roaming\Wings3D
2009-10-04 13:22 . 2009-10-04 13:18 4096 d-----w- c:\program files\PFConfig
2009-10-04 01:37 . 2009-10-04 01:37 -------- d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\uTorrent
2009-10-04 01:37 . 2009-10-04 01:37 -------- d-----w- c:\program files\uTorrent
2009-10-04 00:51 . 2009-09-18 22:55 8192 d-----w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\FrostWire
2009-10-03 22:57 . 2009-10-03 22:55 -------- d-----w- c:\program files\Src
2009-09-23 14:41 . 2009-10-13 19:34 26176 ---ha-w- c:\windows\system32\hamachi.sys
2009-09-23 14:41 . 2009-09-23 14:41 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2009-09-21 12:01 . 2009-09-21 12:01 17632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-21 12:01 . 2009-03-07 13:01 68640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-09-21 12:01 . 2009-03-07 13:01 303976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-09-21 12:01 . 2009-07-06 12:20 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-09-20 17:13 . 2009-09-20 17:13 -------- d-----w- c:\program files\Unity
2009-09-18 23:20 . 2009-09-18 23:20 0 ----a-w- c:\users\Administrator.BluhmBros-PC\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-09-18 22:55 . 2009-09-18 22:55 24576 d-----w- c:\program files\FrostWire
2009-09-14 09:44 . 2009-10-14 21:18 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:30 . 2009-10-14 21:24 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 15:48 . 2009-09-20 00:34 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
2009-09-10 15:48 . 2009-09-20 00:34 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
2009-09-10 15:48 . 2009-09-20 00:34 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
2009-09-04 12:24 . 2009-10-14 21:18 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 13:55 . 2009-10-14 21:23 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 13:55 . 2009-10-14 21:23 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-08-28 12:39 . 2009-09-02 20:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-02 20:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32 . 2009-10-14 21:24 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-14 21:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-14 21:24 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-28 12:53 . 2008-10-28 12:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot_2009-11-13_00.51.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-13 01:33 . 2009-11-13 01:33 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.163_none_43f0c1d77830fb9e\mfc80KOR.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.163_none_43f0c1d77830fb9e\mfc80JPN.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.163_none_43f0c1d77830fb9e\mfc80ITA.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.163_none_43f0c1d77830fb9e\mfc80FRA.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.163_none_43f0c1d77830fb9e\mfc80ESP.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 57344 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.163_none_43f0c1d77830fb9e\mfc80ENU.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 65536 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.163_none_43f0c1d77830fb9e\mfc80DEU.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 45056 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.163_none_43f0c1d77830fb9e\mfc80CHT.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 40960 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.163_none_43f0c1d77830fb9e\mfc80CHS.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 57856 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\mfcm80u.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 69632 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\mfcm80.dll
+ 2008-01-21 01:58 . 2009-11-15 17:38 59148 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-11-15 17:38 98714 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-06 20:30 . 2009-11-15 17:36 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-06 20:30 . 2009-11-12 22:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-06 20:30 . 2009-11-15 17:36 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-06 20:30 . 2009-11-12 22:37 98304 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-06 20:30 . 2009-11-15 17:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-06 20:30 . 2009-11-12 22:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-07 13:01 . 2009-11-12 22:13 2744 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-03-07 13:01 . 2009-11-15 04:10 2744 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-03-06 20:32 . 2009-11-15 17:38 8744 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-959817231-1204997069-661096803-1000_UserData.bin
+ 2009-11-15 17:36 . 2009-11-15 17:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-11-12 22:38 . 2009-11-12 22:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-11-15 17:36 . 2009-11-15 17:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-11-12 22:38 . 2009-11-12 22:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-01-09 16:44 . 2009-11-15 17:10 372396 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-11-12 22:44 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-15 17:12 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-11-15 17:12 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-11-12 22:44 101350 c:\windows\System32\perfc009.dat
+ 2009-11-13 01:33 . 2009-11-13 01:33 1080320 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\mfc80u.dll
+ 2009-11-13 01:33 . 2009-11-13 01:33 1093632 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.163_none_0c187ef99ee1d25a\mfc80.dll
+ 2006-11-02 12:47 . 2009-11-15 04:12 2442992 c:\windows\System32\FNTCACHE.DAT
+ 2009-11-13 01:33 . 2009-11-13 01:33 2346496 c:\windows\Installer\9ed3d5.msi
+ 2009-11-13 01:32 . 2009-11-13 01:32 1758720 c:\windows\Installer\9ed3c7.msi
+ 2009-11-13 01:31 . 2009-11-13 01:31 1886208 c:\windows\Installer\9ed3c1.msi
+ 2009-11-13 01:31 . 2009-11-13 01:31 1774592 c:\windows\Installer\9ed3ba.msi
+ 2009-05-03 12:01 . 2009-11-13 01:33 190700356 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 02:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-04 289072]
"AdobeBridge"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

c:\users\Administrator.BluhmBros-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Bluhm Bros^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^is-0H2RB.lnk]
path=c:\users\Bluhm Bros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-0H2RB.lnk
backup=c:\windows\pss\is-0H2RB.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Bluhm Bros^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^is-E1QGD.lnk]
path=c:\users\Bluhm Bros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\is-E1QGD.lnk
backup=c:\windows\pss\is-E1QGD.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 dfg;dfg;c:\windows\system32\DRIVERS\dfg.sys [2009-01-31 23552]
R4 LMIRfsClientNP;LMIRfsClientNP; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-07-24 47640]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 VisualSVNServer;VisualSVN Server;c:\program files\VisualSVN Server\bin\VisualSVNServer.exe [2009-03-23 23840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 19:08]

2009-08-26 c:\windows\Tasks\HPCeeScheduleForAdministrator.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-28 18:34]

2009-11-08 c:\windows\Tasks\HPCeeScheduleForBluhm Bros.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-28 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crazickforums.com/index.php?sid=bf9eed5b80f5ab2587d5c925f0493b81
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Bluhm Bros\AppData\Roaming\Mozilla\Firefox\Profiles\ojoo30sg.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-959817231-1204997069-661096803-1000\Software\SecuROM\License information*]
"datasecu"=hex:aa,6e,6b,3d,5f,0d,13,74,b4,88,41,5d,ab,00,ff,c7,ce,e1,9d,d3,8e,
c5,95,92,ce,0b,98,1c,f8,7b,3c,8e,cf,09,34,33,65,d6,b4,8c,69,98,57,e9,d3,d2,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3364)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2009-11-15 12:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-15 17:46
ComboFix2.txt 2009-11-15 12:09
ComboFix3.txt 2009-11-14 17:54
ComboFix4.txt 2009-11-13 00:59
ComboFix5.txt 2009-11-15 17:13

Pre-Run: 236,395,163,648 bytes free
Post-Run: 236,375,425,024 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,9
- - End Of File - - 1F615A2F278C56D898FA71151B92E09D
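As an added example that is not part of this thread or of ComboFix, the following Python script parses the Run-key sections of a ComboFix log like the one above and lists the autostart entries a helper would look at twice (empty launch paths, programs starting from user-writable folders). The sample input reuses lines from the log above plus one constructed entry named "updater".

```python
"""Triage the Run-key sections of a ComboFix log (added example, not ComboFix code).
Empty launch paths and programs starting from user-writable folders are flagged."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "key name path date size")
SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")  # e.g. [HKEY_...\CurrentVersion\Run]
# e.g. "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]; [date size] is optional ([BU] etc.)
ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"'
                      r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?")
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\")

def parse_run_entries(text):
    """Entries listed under every registry key whose name ends in \\Run."""
    entries, key = [], None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if key and key.lower().endswith("\\run") and m:
            size = int(m.group("size")) if m.group("size") else None
            entries.append(Entry(key, m.group("name"), m.group("path"), m.group("date"), size))
    return entries

def flag_entry(entry):
    """Reasons this entry merits review; an empty list means unremarkable."""
    if not entry.path:
        return ["empty path"]
    p, reasons = entry.path.lower(), []
    if not p.startswith(TRUSTED_ROOTS):
        reasons.append("path outside Program Files/Windows")
    if "\\appdata\\" in p or "\\temp\\" in p:
        reasons.append("runs from user-writable location")
    return reasons

def review(text):  # map each flagged entry name to its reasons
    return {e.name: r for e in parse_run_entries(text) for r in [flag_entry(e)] if r}

# Sample input: lines copied from the log in this thread plus one constructed
# entry ("updater") to show what a hit looks like; the policies key is ignored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"AdobeBridge"="" [BU]
"updater"="c:\users\example\AppData\Roaming\updater.exe" [2009-11-10 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"""

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(reasons)}")
```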
Essexboy
post Nov 15 2009, 02:16 PM
Post #96

GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7

That looks as though that may have done it, as the MBR warning is no longer present and there are no sigcheck errors.

Have the redirects finished?

onkaloonka
post Nov 15 2009, 03:21 PM
Post #97

Member
Posts: 57
From: USA :)
OS: Vista home premium

Yep, no more redirects. Thank you sooo much for your help. If I had a PayPal I would donate. This has also inspired me to send an application to the Geek U.

Although my computer is still loud and has to work hard to complete tasks.

Is there anything I need to clean off my computer?


Essexboy
post Nov 15 2009, 04:09 PM
Post #98

GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7

QUOTE
This has also inspired me to send an application to the Geek U.
We need the help. The course is hard but interesting.

Right, let's clear my tools and tidy you up.

Now the best part of the day ----- your log now appears clean.

A good workman always cleans up after himself, so run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT, but they may be useful tools to keep. For AVZ just delete the folders.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 17.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u17-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u17-windows-i586-p.exe and select "Run as an Administrator.")



VISTA
To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done

SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.


THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit


To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?
Keep safe

onkaloonka
post Nov 15 2009, 04:44 PM
Post #99

Member
Posts: 57
From: USA :)
OS: Vista home premium

I was unable to find the tools button in my computer

Essexboy
post Nov 15 2009, 04:46 PM
Post #100

GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7

QUOTE
I was unable to find the tools button in my computer
?

Run OTS and hit the cleanup button

Is that what you meant?

Essexboy
post Nov 15 2009, 04:49 PM
Post #101

GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7

Ah, OK, with you now - go to Control Panel and select Appearance and Personalisation > Folder Options > Hide system files and folders

onkaloonka
post Nov 15 2009, 05:24 PM
Post #102

Member
Posts: 57
From: USA :)
OS: Vista home premium

QUOTE (Essexboy @ Nov 15 2009, 05:49 PM) *
Ah, OK, with you now - go to Control Panel and select Appearance and Personalisation > Folder Options > Hide system files and folders


Ahh yes, that's what I meant, thanks.

Essexboy
post Nov 16 2009, 01:20 PM
Post #103

GeekU Moderator
Posts: 19,158
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.