
Bloodhound Exploit 196/Trojan Horse Problems [Solved]


  • This topic is locked

#1 Sighte (Member, 11 posts)

I've been having some trouble with this Bloodhound Exploit. It pops up in Norton Antivirus very frequently, saying that it was successfully quarantined, yet it continues to pop up. I've had it pop up 60+ times in a minute before. After following different malware removal guides, I had thought I got rid of it a few times, only to have it pop up again a few days later. Occasionally Norton will have "Trojan Horse" in its log as well; I assumed the two are related, but I don't know for sure.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:23 AM, on 5/8/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Songbird\songbird.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\DWHWIZRD.EXE
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



Thanks!

Edit: Should've added what I've already tried: I went through the "read this first" list. Malwarebyte, ERUNT, Rooter, and OTList2 are the ones I recall using.

Edited by Sighte, 08 May 2009 - 12:33 PM.
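A small triage parser for lines in the HijackThis v2 format posted above, added here as an illustration and not part of this thread, of HijackThis, or of the helper's procedure. The sample lines are constructed (the `Temp\svchost.exe` Run entry is invented purely to exercise the user-writable-path check), and the trusted-prefix and user-writable lists are assumptions chosen for this example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in HijackThis v2.0 line format, modelled on the posted log.
# The [updater] entry under Temp is made up to exercise the user-writable-path check.
SAMPLE_LOG = """\
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O4 - HKLM\\..\\Run: [Apoint] C:\\Program Files\\Apoint\\Apoint.exe
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKCU\\..\\Run: [updater] C:\\Users\\EXAMPLE\\AppData\\Local\\Temp\\svchost.exe
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\\Program Files\\Common Files\\Sony Shared\\AVLib\\PACSPTISVR.exe
"""

LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.(?:exe|dll|scr))\b', re.IGNORECASE)

# Assumed locations where a legitimately installed autostart is expected to live (lower-case prefixes).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files", "c:\\progra~1\\",
                    "%programfiles%\\", "%systemroot%\\")
# Assumed directory components an ordinary user can write to; autostarts there deserve a second look.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\users\\", "\\documents and settings\\")


def target_of(cmd: str) -> str:
    """Return the file an autostart command actually launches.
    For a rundll32 host the launched file is the DLL argument, not rundll32 itself."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    exe = m.group("exe")
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        inner = EXE_RE.match(cmd[m.end():].strip())
        if inner:
            return inner.group("exe")
    return exe


def classify_path(path: str) -> str:
    """'trusted' (OS/program dirs), 'user-writable', 'bare' (no directory, resolved via PATH) or 'other'."""
    p = path.lower()
    if "\\" not in p:
        return "bare"
    if any(seg in p for seg in USER_WRITABLE):
        return "user-writable"
    if p.startswith(TRUSTED_PREFIXES):
        return "trusted"
    return "other"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one HijackThis line into section, body and (where the section has one) a file target."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    entry = {"section": sec, "body": body}
    if sec == "O4":
        r = RUN_RE.match(body)
        if r:  # registry Run/RunOnce entry
            entry.update(hive=r.group("hive"), name=r.group("name"),
                         cmd=r.group("cmd"), target=target_of(r.group("cmd")))
        elif body.startswith(("Startup: ", "Global Startup: ")) and " = " in body:
            name, _, path = body.partition(" = ")  # Startup-folder shortcut
            entry.update(name=name.split(": ", 1)[1], target=path)
    elif sec == "O23":
        s = SVC_RE.match(body)
        if s:
            entry.update(name=s.group("name"), owner=s.group("owner"), target=s.group("path"))
    elif sec in ("O2", "O3", "O9"):  # BHO / toolbar / extra button: path is the last " - " field
        entry["target"] = body.rsplit(" - ", 1)[-1]
    return entry


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (severity, section, reason) for each line a human should look at."""
    findings = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e:
            continue
        sec, target = e["section"], e.get("target", "")
        if target == "(no file)":
            findings.append(("low", sec, f"orphaned entry with no backing file: {e['body']}"))
        elif sec == "O23" and e.get("owner", "").lower() == "unknown owner":
            findings.append(("medium", sec, f"service '{e['name']}' has no publisher info; verify {target}"))
        elif sec in ("O4", "O23"):
            kind = classify_path(target)
            if kind == "user-writable":
                findings.append(("high", sec, f"autostart '{e.get('name', '?')}' runs from a user-writable path: {target}"))
            elif kind == "other":
                findings.append(("medium", sec, f"autostart '{e.get('name', '?')}' runs from an unusual location: {target}"))
    return findings


if __name__ == "__main__":
    for sev, sec, why in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {sec}: {why}")
```

On the sample this flags the orphaned toolbar entry, the Run entry under Temp, and the service with no publisher, and stays silent on the entries under Windows and Program Files.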


#2 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)

Hello Sighte

welcome to geekstogo :)

Please go to this page here and start at Step Five: Rootkit Detection and post the Rooter.exe log and OTListIT logs here in reply.

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#3 Sighte (Topic Starter, Member, 11 posts)

Rooter:
Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:145048 Mo/Free:585 Mo)
D:\ [Removable] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
H:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Fri 05/08/2009|23:17

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\SYSTEM32\wininit.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\SYSTEM32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\nvvsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\rundll32.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\SYSTEM32\taskeng.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\SYSTEM32\taskeng.exe
---------- C:\Windows\SYSTEM32\taskeng.exe
---------- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
---------- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
---------- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
---------- C:\Windows\system32\IoctlSvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Symantec AntiVirus\SavRoam.exe
---------- C:\Windows\system32\stacsv.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
---------- C:\Windows\system32\DRIVERS\xaudio.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
---------- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
---------- C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
---------- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
---------- C:\Program Files\Apoint\Apoint.exe
---------- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
---------- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\Program Files\Symantec AntiVirus\VPTray.exe
---------- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
---------- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Windows\System32\rundll32.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
---------- C:\Program Files\Dropbox\Dropbox.exe
---------- C:\Program Files\Apoint\ApMsgFwd.exe
---------- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
---------- C:\Program Files\Windows Sidebar\sidebar.exe
---------- C:\Program Files\Apoint\Apntex.exe
---------- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
---------- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
---------- C:\Program Files\Songbird\songbird.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Users\Kevin\Desktop\OTListIt2.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\Users\Kevin\Documents\Ableton\Library\Presets\Audio Effects\Vinyl Distortion\Crack.adv


1 - "C:\Rooter$\Rooter_1.txt" - Wed 05/06/2009|15:32
2 - "C:\Rooter$\Rooter_2.txt" - Fri 05/08/2009|23:18

----------------------\\ Scan completed at 23:18

#4 Sighte (Topic Starter, Member, 11 posts)

OTList2:
OTListIt logfile created on: 5/8/2009 11:20:02 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.53% Memory free
4.00 Gb Paging File | 2.56 Gb Available in Paging File | 64.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.65 Gb Total Space | 4.57 Gb Free Space | 3.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298.02 Gb Total Space | 34.45 Gb Free Space | 11.56% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPPY290
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/01/29 16:12:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2006/11/22 17:12:16 | 00,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/05/31 12:32:14 | 00,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/06/15 16:45:20 | 00,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/11/28 06:34:00 | 00,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2009/04/01 14:34:24 | 00,922,888 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
PRC - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\system32\IoctlSvc.exe
PRC - [2006/11/28 06:34:26 | 00,122,008 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/06/12 08:55:28 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\system32\stacsv.exe
PRC - [2006/11/28 06:34:18 | 01,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/07/24 22:26:38 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/06/28 11:52:48 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/07/24 22:26:38 | 00,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/07/03 07:11:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe
PRC - [2007/06/28 11:53:00 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/06/28 11:53:02 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2009/04/01 14:34:24 | 00,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
PRC - [2007/06/14 11:40:46 | 00,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/06/08 08:35:43 | 00,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/11 21:27:14 | 00,317,560 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/07/12 14:31:34 | 00,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
PRC - [2006/11/22 17:12:36 | 00,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/28 06:34:38 | 00,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/02/05 19:52:10 | 00,849,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/03/11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/01/19 03:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2007/06/22 13:55:32 | 00,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/03/11 21:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/09/26 03:18:12 | 24,096,981 | ---- | M] () -- C:\Program Files\Dropbox\Dropbox.exe
PRC - [2007/06/08 08:35:39 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/06/22 13:55:32 | 01,767,976 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2008/01/19 03:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2007/06/08 08:35:43 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2007/03/11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/04/02 15:11:58 | 01,884,880 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
PRC - [2009/02/19 21:20:16 | 00,988,160 | ---- | M] (POTI, Inc.) -- C:\Program Files\Songbird\songbird.exe
PRC - [2009/04/28 00:16:08 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/06 15:31:03 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTListIt2.exe
PRC - [2008/01/19 03:33:16 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedssync.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/11/22 17:12:16 | 00,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/11/22 17:12:16 | 00,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/11/22 17:12:16 | 00,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Stopped])
SRV - [2006/11/28 06:34:00 | 00,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/10/31 10:32:09 | 02,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2006/12/14 05:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/01/29 16:12:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2006/10/26 23:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 18:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 04:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2009/04/01 14:34:24 | 00,922,888 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent [Auto | Running])
SRV - [2009/04/01 14:34:26 | 01,025,288 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine [On_Demand | Stopped])
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2006/11/28 06:34:26 | 00,122,008 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - [2006/12/14 05:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2007/06/12 08:55:28 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\system32\stacsv.exe -- (STacSV [Auto | Running])
SRV - [2006/11/28 06:34:18 | 01,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2007/06/28 11:53:04 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2007/07/24 22:26:38 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
SRV - [2007/06/20 19:35:06 | 02,523,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
SRV - [2007/06/20 19:34:52 | 00,499,712 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2007/01/10 20:51:06 | 00,745,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP [On_Demand | Stopped])
SRV - [2007/07/13 13:55:56 | 00,292,152 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr [On_Demand | Stopped])
SRV - [2007/07/05 20:43:04 | 00,079,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper [On_Demand | Stopped])
SRV - [2007/06/28 11:52:48 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
SRV - [2007/06/28 11:53:00 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
SRV - [2007/06/28 11:53:02 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/07/03 07:11:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 05:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2007/06/08 08:35:43 | 00,140,800 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007/07/02 10:10:43 | 00,080,936 | ---- | M] (Broadcom Corporation.) -- C:\Windows\system32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Stopped])
DRV - [2007/07/02 10:10:43 | 00,098,608 | ---- | M] (Broadcom Corporation.) -- C:\Windows\system32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Stopped])
DRV - [2007/07/02 10:09:35 | 00,028,464 | ---- | M] (Broadcom Corporation.) -- C:\Windows\system32\DRIVERS\btwl2cap.sys -- (btwl2cap [On_Demand | Stopped])
DRV - [2007/07/02 10:10:46 | 00,017,712 | ---- | M] (Broadcom Corporation.) -- C:\Windows\system32\DRIVERS\btwrchid.sys -- (btwrchid [On_Demand | Stopped])
DRV - [2007/06/14 15:02:13 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2006/11/02 05:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2009/01/09 10:49:06 | 00,071,184 | ---- | M] (Raxco Software, Inc.) -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS [Auto | Running])
DRV - [2007/06/27 22:29:58 | 00,010,216 | ---- | M] (Sony Corporation) -- C:\Windows\system32\DRIVERS\DMICall.sys -- (DMICall [System | Running])
DRV - [2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009/02/06 15:26:05 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/02/26 05:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 03:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2008/07/03 07:11:50 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2008/07/03 07:11:46 | 00,209,408 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2007/02/28 08:05:36 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
DRV - [2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2004/04/05 11:44:42 | 00,024,720 | ---- | M] (Jeff Hurchalla and Marble Sound) -- C:\Windows\System32\drivers\mapledxp.SYS -- (mapledxp [System | Running])
DRV - [2007/08/01 13:54:18 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2009/02/12 19:04:35 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090508.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/02/12 19:04:42 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090508.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2007/09/26 13:12:22 | 02,251,776 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
DRV - [2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2007/01/15 17:18:30 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Running])
DRV - [2009/01/29 16:12:00 | 07,544,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/06/02 15:59:42 | 00,008,192 | ---- | M] () -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter [On_Demand | Stopped])
DRV - [2006/11/08 03:02:40 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\point32k.sys -- (Point32 [On_Demand | Running])
DRV - [2007/06/14 15:02:13 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007/06/27 08:13:22 | 00,075,008 | ---- | M] (Ricoh) -- C:\Windows\System32\Drivers\R5U870FLx86.sys -- (R5U870FLx86 [On_Demand | Running])
DRV - [2007/06/27 08:13:22 | 00,043,904 | ---- | M] (Ricoh) -- C:\Windows\System32\Drivers\R5U870FUx86.sys -- (R5U870FUx86 [On_Demand | Running])
DRV - [2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/06 03:09:26 | 00,027,520 | ---- | M] (Sony Corporation) -- C:\Windows\System32\Drivers\SonyNC.sys -- (SNC [On_Demand | Running])
DRV - [2007/04/05 09:06:32 | 00,031,104 | ---- | M] (Sony Corporation) -- C:\Windows\system32\DRIVERS\SonyImgF.sys -- (SonyImgF [On_Demand | Running])
DRV - [2006/10/06 14:26:16 | 00,406,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2008/08/18 22:09:57 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/11/22 16:17:06 | 00,247,144 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2006/11/22 16:17:06 | 00,274,328 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2006/11/22 16:17:06 | 00,025,448 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2007/06/12 08:55:39 | 00,326,656 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\system32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2008/08/14 15:05:21 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2006/10/26 12:01:34 | 00,026,384 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2006/10/26 12:01:34 | 00,185,744 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007/06/05 08:17:29 | 00,812,544 | ---- | M] (Texas Instruments) -- C:\Windows\system32\drivers\ti21sony.sys -- (ti21sony [On_Demand | Running])
DRV - [2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/04/09 10:53:24 | 00,012,672 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbbus.sys -- (usbbus [On_Demand | Stopped])
DRV - [2007/04/09 10:56:22 | 00,021,248 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbdiag.sys -- (UsbDiag [On_Demand | Stopped])
DRV - [2007/04/09 10:55:08 | 00,022,912 | ---- | M] (LG Electronics Inc.) -- C:\Windows\system32\DRIVERS\lgusbmodem.sys -- (USBModem [On_Demand | Stopped])
DRV - [2006/11/02 05:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/05/24 20:36:21 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])
DRV - [2008/07/03 07:11:46 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2008/07/03 07:11:58 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])
DRV - [2007/05/18 09:19:23 | 00,240,128 | ---- | M] (Marvell) -- C:\Windows\system32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://maddox.xmission.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/03 16:53:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/05 14:50:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/05 14:50:42 | 00,000,000 | ---D | M]

[2009/04/24 15:52:48 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2008/08/14 12:00:52 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/24 15:52:48 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/07 18:31:57 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\vtyebn7m.default\extensions
[2009/02/17 22:30:41 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\vtyebn7m.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/04/24 15:11:04 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\vtyebn7m.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/05/05 14:10:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 00:16:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/29 14:00:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/08/14 15:09:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/02 18:17:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/25 12:35:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 00:16:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 00:16:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/07 17:38:31 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/07 17:38:31 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/21 12:12:56 | 00,002,216 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2009/03/07 17:38:31 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/07 17:38:31 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/07 17:38:31 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/07 17:38:31 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/07 17:38:31 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305853 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10531 more lines...
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1 (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" (Sony Electronics, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe ()
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SYSTEM32\VESWinlogon.dll (Sony Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/12/21 14:56:46 | 00,000,069 | -H-- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O32 - AutoRun File - [2007/12/23 21:31:06 | 00,000,053 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0121a6b8-b4fb-11dd-b0cd-001e3d00e556}\Shell - "" = AutoRun
O33 - MountPoints2\{0121a6b8-b4fb-11dd-b0cd-001e3d00e556}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0121a6c2-b4fb-11dd-b0cd-001e3d00e556}\Shell - "" = AutoRun
O33 - MountPoints2\{0121a6c2-b4fb-11dd-b0cd-001e3d00e556}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6e1dc49a-6a32-11dd-9b75-001e3d00e556}\Shell\AutoRun\command - "" = G:\wdsync.exe -- [2007/12/18 13:03:22 | 04,574,208 | ---- | M] ()
O33 - MountPoints2\{a9fa6edf-0425-11de-ac49-001e3d00e556}\Shell - "" = AutoRun
O33 - MountPoints2\{a9fa6edf-0425-11de-ac49-001e3d00e556}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\wdsync.exe -- [2007/12/18 13:03:22 | 04,574,208 | ---- | M] ()
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\SYSTEM32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/06 22:00:19 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Sonic Solutions
[2009/05/06 15:38:01 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/06 15:31:09 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/06 15:30:13 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTListIt2.exe
[2009/05/06 15:29:59 | 00,267,612 | ---- | C] () -- C:\Users\Kevin\Desktop\Rooter.exe
[2009/05/06 15:05:02 | 00,000,670 | ---- | C] () -- C:\Users\Kevin\Desktop\Python IDLE.lnk
[2009/05/06 14:30:10 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2009/05/06 14:30:03 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/06 14:30:03 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/06 14:29:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/06 14:29:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/06 14:29:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/06 14:28:58 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/06 14:28:24 | 00,000,714 | ---- | C] () -- C:\Users\Kevin\Desktop\ERUNT.lnk
[2009/05/06 14:28:19 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/05 21:07:23 | 00,000,000 | ---D | C] -- C:\Python
[2009/05/05 19:36:03 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Sighte
[2009/05/05 19:22:38 | 00,001,874 | ---- | C] () -- C:\Users\Kevin\Desktop\HijackThis.lnk
[2009/05/05 16:00:47 | 21,458,37056 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/05 15:55:17 | 00,000,000 | ---D | C] -- C:\ProgramData\sentinel
[2009/05/05 15:47:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Backup
[2009/05/05 15:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Software
[2009/05/05 14:50:32 | 00,000,000 | ---D | C] -- C:\Program Files\QT Lite
[2009/05/05 13:53:02 | 00,000,828 | ---- | C] () -- C:\Users\Kevin\Desktop\WinDirStat.lnk
[2009/05/05 13:53:01 | 00,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2009/05/05 13:40:07 | 00,001,670 | ---- | C] () -- C:\Users\Kevin\Desktop\CCleaner.lnk
[2009/05/05 13:40:05 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/05 13:39:54 | 00,001,744 | ---- | C] () -- C:\Users\Kevin\Desktop\Trillian.lnk
[2009/05/05 13:39:36 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Participatory Culture Foundation
[2009/05/05 13:38:53 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009/05/05 13:38:44 | 00,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2009/05/04 23:43:16 | 16,742,799 | ---- | C] () -- C:\ProgramData\vlc-0.9.9-win32.exe
[2009/05/03 22:12:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/03 21:16:34 | 00,000,442 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009/05/03 21:14:45 | 00,465,952 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/05/03 21:14:45 | 00,007,316 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/05/03 21:00:13 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/05/03 21:00:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/05/03 20:55:47 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/05/01 18:12:16 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2009/05/01 18:12:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Axara
[2009/05/01 15:51:59 | 00,034,820 | ---- | C] () -- C:\Windows\System32\ffdshow.reg
[2009/05/01 15:51:58 | 02,174,976 | ---- | C] () -- C:\Windows\System32\ffdshow.ax
[2009/05/01 15:51:58 | 00,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/05/01 15:51:58 | 00,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/05/01 15:51:58 | 00,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/05/01 15:51:57 | 03,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/05/01 15:51:57 | 00,372,736 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2009/05/01 15:51:57 | 00,098,304 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\L3CODECX.AX
[2009/04/29 16:10:34 | 00,062,989 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/29 16:10:23 | 00,062,989 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/29 16:10:19 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009/04/29 14:17:58 | 00,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2009/04/29 14:17:51 | 00,009,277 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2009/04/29 14:17:48 | 00,202,019 | ---- | C] () -- C:\Windows\System32\nvapps.xml
[2009/04/29 14:17:48 | 00,039,583 | ---- | C] () -- C:\Windows\System32\nvwsapps.xml
[2009/04/29 12:24:02 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/04/29 01:35:59 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Documents\My Drivers
[2009/04/29 01:28:46 | 01,686,016 | ---- | C] (Clever Components) -- C:\Windows\System32\clinetsuitex6.ocx
[2009/04/29 01:28:46 | 00,427,864 | ---- | C] (Xceed Software Inc (450) 442-2626 [email protected] www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
[2009/04/29 01:19:02 | 00,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2009/04/29 01:03:30 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters
[2009/04/29 00:43:29 | 00,002,018 | ---- | C] () -- C:\Users\Public\Desktop\PerfectDisk 10.lnk
[2009/04/29 00:43:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Raxco
[2009/04/29 00:41:43 | 00,000,000 | ---D | C] -- C:\Program Files\Raxco
[2009/04/28 21:18:02 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\IObit
[2009/04/28 21:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/04/26 23:45:48 | 00,000,932 | ---- | C] () -- C:\Users\Kevin\Desktop\FL Studio 7.lnk
[2009/04/26 23:39:46 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009/04/24 21:35:05 | 00,000,816 | ---- | C] () -- C:\Users\Kevin\Desktop\Virtual DJ.lnk
[2009/04/24 21:34:53 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Documents\VirtualDJ
[2009/04/24 21:34:53 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2009/04/24 15:52:30 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Songbird2
[2009/04/24 15:52:11 | 00,001,682 | ---- | C] () -- C:\Users\Public\Desktop\Songbird.lnk
[2009/04/24 15:51:44 | 00,000,000 | ---D | C] -- C:\Program Files\Songbird
[2009/04/24 14:41:44 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009/04/24 14:35:43 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/04/16 13:31:29 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/16 13:31:27 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/16 13:31:26 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/16 13:31:10 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/16 13:31:08 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/16 13:31:08 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/16 13:31:05 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/16 13:31:04 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/16 13:31:04 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/16 13:31:04 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/16 13:31:04 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/16 13:31:04 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/16 13:31:03 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/16 13:30:57 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/16 13:30:56 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/16 13:30:54 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/16 13:30:53 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/16 13:30:52 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/16 13:30:44 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/16 13:30:41 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/16 13:30:38 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/16 13:30:37 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/16 13:30:36 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/16 13:30:35 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/16 13:30:34 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/16 13:30:33 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/16 13:30:32 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/16 13:30:31 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/16 13:30:31 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/16 13:30:30 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/16 13:30:27 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/16 13:30:23 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/16 13:30:21 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/14 22:42:06 | 02,134,016 | ---- | C] (Python Software Foundation) -- C:\Windows\System32\python26.dll
[2009/04/13 15:26:05 | 00,029,184 | ---- | C] () -- C:\Users\Kevin\Documents\Paranoia Rules.doc
[2009/04/09 15:35:27 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Paranoia
[2009/03/25 12:10:24 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/15 21:46:37 | 00,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/02 15:59:40 | 00,049,152 | ---- | C] ( ) -- C:\Windows\System32\mapleapi.dll
[2008/12/01 18:46:01 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/08/19 02:14:44 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/08/19 02:14:44 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/08/19 02:14:44 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/08/18 22:09:57 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/07/23 12:50:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/03/07 21:21:51 | 00,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/08/01 22:07:31 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/06/22 13:34:44 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 06:23:31 | 00,000,201 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 16:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[2009/05/08 23:25:00 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F2BE1CE1-470E-4484-A433-A0DDA4C83508}.job
[2009/05/08 23:08:59 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/08 23:08:59 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/08 21:09:35 | 00,062,989 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/05/08 21:09:35 | 00,062,989 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/05/08 21:08:55 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/06 17:36:27 | 00,001,744 | ---- | M] () -- C:\Users\Kevin\Desktop\Trillian.lnk
[2009/05/06 15:31:03 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTListIt2.exe
[2009/05/06 15:30:13 | 00,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/06 15:30:13 | 00,604,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/06 15:30:13 | 00,105,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/06 15:30:06 | 00,267,612 | ---- | M] () -- C:\Users\Kevin\Desktop\Rooter.exe
[2009/05/06 15:22:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/06 15:21:50 | 21,458,37056 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/06 15:20:19 | 00,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/05/06 15:05:02 | 00,000,670 | ---- | M] () -- C:\Users\Kevin\Desktop\Python IDLE.lnk
[2009/05/06 14:30:03 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/06 14:28:24 | 00,000,714 | ---- | M] () -- C:\Users\Kevin\Desktop\ERUNT.lnk
[2009/05/05 19:22:38 | 00,001,874 | ---- | M] () -- C:\Users\Kevin\Desktop\HijackThis.lnk
[2009/05/05 18:00:00 | 00,000,442 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009/05/05 16:12:18 | 00,137,694 | ---- | M] () -- C:\Windows\HPHins15.dat
[2009/05/05 16:02:46 | 00,000,201 | ---- | M] () -- C:\Windows\win.ini
[2009/05/05 13:53:02 | 00,000,828 | ---- | M] () -- C:\Users\Kevin\Desktop\WinDirStat.lnk
[2009/05/05 13:40:07 | 00,001,670 | ---- | M] () -- C:\Users\Kevin\Desktop\CCleaner.lnk
[2009/05/04 23:44:20 | 16,742,799 | ---- | M] () -- C:\ProgramData\vlc-0.9.9-win32.exe
[2009/05/03 22:19:52 | 00,465,952 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/05/03 22:19:52 | 00,007,316 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/05/03 18:32:25 | 00,305,853 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/05/03 18:07:28 | 00,002,018 | ---- | M] () -- C:\Users\Public\Desktop\PerfectDisk 10.lnk
[2009/05/02 15:59:00 | 00,000,270 | ---- | M] () -- C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
[2009/04/30 22:22:54 | 00,002,627 | ---- | M] () -- C:\Users\Kevin\Desktop\Microsoft Office Word 2007.lnk
[2009/04/29 14:24:01 | 00,066,387 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\nvModes.001
[2009/04/28 15:50:25 | 00,066,387 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\nvModes.dat
[2009/04/26 23:45:48 | 00,000,932 | ---- | M] () -- C:\Users\Kevin\Desktop\FL Studio 7.lnk
[2009/04/24 21:47:16 | 00,321,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/04/24 21:39:43 | 00,000,816 | ---- | M] () -- C:\Users\Kevin\Desktop\Virtual DJ.lnk
[2009/04/24 15:52:11 | 00,001,682 | ---- | M] () -- C:\Users\Public\Desktop\Songbird.lnk
[2009/04/14 22:42:06 | 02,134,016 | ---- | M] (Python Software Foundation) -- C:\Windows\System32\python26.dll
[2009/04/13 17:33:37 | 00,029,184 | ---- | M] () -- C:\Users\Kevin\Documents\Paranoia Rules.doc
< End of report >

I realize I should've posted these earlier, my apologies.

#5
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


also:

We will run OTListIt, but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • we are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTListIt.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum
andrewuk

#6
Sighte

    Member

  • Topic Starter
  • Member
  • 11 posts
ComboFix 09-05-08.03 - Kevin 05/09/2009 12:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.926 [GMT -4:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
.

2009-05-08 03:38 . 2009-05-08 03:38 -------- d-----w c:\users\Kevin\AppData\Local\Blizzard Entertainment
2009-05-07 02:00 . 2009-05-07 02:00 -------- d-----w c:\users\Kevin\AppData\Roaming\Sonic Solutions
2009-05-06 19:38 . 2009-05-06 19:38 -------- d-----w C:\_OTListIt
2009-05-06 19:31 . 2009-05-09 03:18 -------- d-----w C:\Rooter$
2009-05-06 18:30 . 2009-05-06 18:30 -------- d-----w c:\users\Kevin\AppData\Roaming\Malwarebytes
2009-05-06 18:30 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 18:29 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 18:29 . 2009-05-06 18:29 -------- d-----w c:\programdata\Malwarebytes
2009-05-06 18:29 . 2009-05-06 18:29 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-06 18:29 . 2009-05-06 18:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-06 18:28 . 2009-05-06 18:28 -------- d-----w c:\program files\ERUNT
2009-05-06 18:22 . 2009-05-06 18:24 -------- d-----w c:\users\Kevin\.idlerc
2009-05-06 01:07 . 2009-05-06 18:24 -------- d-----w C:\Python
2009-05-05 20:03 . 2009-05-05 23:19 -------- d-----w c:\users\Kevin\AppData\Local\Panda Software
2009-05-05 19:55 . 2009-05-05 19:55 -------- d-----w c:\programdata\sentinel
2009-05-05 19:55 . 2009-05-05 19:55 -------- d-----w c:\users\All Users\sentinel
2009-05-05 19:47 . 2009-05-05 19:47 -------- d-----w c:\programdata\Backup
2009-05-05 19:47 . 2009-05-05 19:47 -------- d-----w c:\users\All Users\Backup
2009-05-05 19:41 . 2009-05-05 23:33 -------- d-----w c:\program files\Common Files\Panda Software
2009-05-05 18:50 . 2009-05-05 18:50 -------- d-----w c:\program files\QT Lite
2009-05-05 17:53 . 2009-05-05 17:53 -------- d-----w c:\program files\WinDirStat
2009-05-05 17:40 . 2009-05-05 17:40 -------- d-----w c:\program files\CCleaner
2009-05-05 17:39 . 2009-05-05 17:39 -------- d-----w c:\users\Kevin\AppData\Roaming\Participatory Culture Foundation
2009-05-05 17:38 . 2009-05-05 17:49 -------- d-----w c:\program files\Trillian
2009-05-05 17:38 . 2009-05-05 17:43 -------- d-----w c:\program files\Participatory Culture Foundation
2009-05-05 03:43 . 2009-05-05 03:44 16742799 ----a-w c:\programdata\vlc-0.9.9-win32.exe
2009-05-05 03:43 . 2009-05-05 03:44 16742799 ----a-w c:\users\All Users\vlc-0.9.9-win32.exe
2009-05-04 02:12 . 2009-05-04 02:12 -------- d-----w c:\program files\Trend Micro
2009-05-04 01:14 . 2009-05-04 02:19 465952 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-04 01:00 . 2009-05-04 02:08 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-04 01:00 . 2009-05-04 02:08 -------- d-----w c:\programdata\ParetoLogic
2009-05-04 01:00 . 2009-05-04 02:08 -------- d-----w c:\users\All Users\ParetoLogic
2009-05-04 00:55 . 2009-05-05 23:33 -------- d-----w c:\program files\Panda Security
2009-05-01 22:12 . 2009-05-01 22:20 -------- d-----w c:\program files\Common Files\Axara
2009-05-01 22:12 . 2003-05-22 02:50 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-05-01 19:51 . 2004-09-10 17:50 34820 ----a-w c:\windows\system32\ffdshow.reg
2009-05-01 19:51 . 2007-01-01 09:30 200704 ----a-w c:\windows\system32\TomsMoComp_ff.dll
2009-05-01 19:51 . 2007-03-25 04:51 404480 ----a-w c:\windows\system32\libmplayer.dll
2009-05-01 19:51 . 2007-03-25 04:51 114688 ----a-w c:\windows\system32\libmpeg2_ff.dll
2009-05-01 19:51 . 2007-03-25 04:51 3049984 ----a-w c:\windows\system32\libavcodec.dll
2009-04-29 20:10 . 2009-05-09 01:09 62989 ----a-w c:\programdata\nvModes.dat
2009-04-29 20:10 . 2009-05-09 01:09 62989 ----a-w c:\users\All Users\nvModes.dat
2009-04-29 20:10 . 2009-04-29 20:12 -------- d-----w c:\programdata\NVIDIA
2009-04-29 20:10 . 2009-04-29 20:12 -------- d-----w c:\users\All Users\NVIDIA
2009-04-29 18:17 . 2009-01-29 20:12 203296 ----a-w c:\windows\system32\nvvsvc.exe
2009-04-29 18:17 . 2009-01-29 20:12 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-04-29 18:17 . 2009-01-29 20:12 795104 ----a-w c:\windows\system32\dpinst.exe
2009-04-29 16:24 . 2009-04-29 16:24 -------- d-----w C:\NVIDIA
2009-04-29 13:42 . 2008-07-03 11:11 8704 ----a-w c:\windows\system32\drivers\XAudio.sys
2009-04-29 13:42 . 2008-07-03 11:11 229376 ----a-w c:\windows\system32\UCI32M27.dll
2009-04-29 13:42 . 2008-07-03 11:11 985600 ----a-w c:\windows\system32\drivers\HSX_DPV.sys
2009-04-29 13:42 . 2008-07-03 11:11 661504 ----a-w c:\windows\system32\drivers\HSX_CNXT.sys
2009-04-29 13:42 . 2008-07-03 11:11 209408 ----a-w c:\windows\system32\drivers\HSXHWAZL.sys
2009-04-29 05:35 . 2009-04-29 05:35 -------- d-----w c:\users\Kevin\AppData\Local\Innovative Solutions
2009-04-29 05:28 . 2004-06-14 18:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-04-29 05:19 . 2009-04-29 05:19 -------- d-----w c:\program files\PC Drivers HeadQuarters
2009-04-29 05:03 . 2009-04-29 05:03 -------- d-----w c:\programdata\PC Drivers HeadQuarters
2009-04-29 05:03 . 2009-04-29 05:03 -------- d-----w c:\users\All Users\PC Drivers HeadQuarters
2009-04-29 04:43 . 2009-04-29 04:43 -------- d-----w c:\programdata\Raxco
2009-04-29 04:43 . 2009-04-29 04:43 -------- d-----w c:\users\All Users\Raxco
2009-04-29 04:41 . 2009-04-29 04:43 -------- d-----w c:\program files\Raxco
2009-04-29 01:18 . 2009-04-29 04:46 -------- d-----w c:\users\Kevin\AppData\Roaming\IObit
2009-04-29 01:18 . 2009-04-29 01:18 -------- d-----w c:\program files\IObit
2009-04-27 03:39 . 2009-04-27 03:46 -------- d-----w c:\program files\Image-Line
2009-04-25 01:34 . 2009-04-25 01:39 -------- d-----w c:\program files\VirtualDJ
2009-04-24 19:52 . 2009-04-24 19:52 -------- d-----w c:\users\Kevin\AppData\Local\Songbird2
2009-04-24 19:52 . 2009-04-24 19:52 -------- d-----w c:\users\Kevin\AppData\Roaming\Songbird2
2009-04-24 19:51 . 2009-04-25 19:10 -------- d-----w c:\program files\Songbird
2009-04-24 18:41 . 2009-04-27 03:39 -------- d-----w c:\program files\VstPlugins
2009-04-24 18:35 . 2009-04-24 18:35 -------- d-----w c:\program files\Outsim
2009-04-16 22:12 . 2008-08-18 02:09 117760 ----a-w c:\windows\system32\hpzll64X.dll
2009-04-16 17:30 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 02:42 . 2009-04-15 02:42 2134016 ----a-w c:\windows\system32\python26.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 15:58 . 2008-03-08 01:28 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-09 15:58 . 2008-08-14 19:03 -------- d-----w c:\program files\Symantec
2009-05-09 15:57 . 2008-08-14 19:03 -------- d-----w c:\program files\Symantec AntiVirus
2009-05-08 16:04 . 2008-08-19 05:56 -------- d-----w c:\program files\Diablo II
2009-05-06 19:20 . 2007-08-02 01:03 1660 ----a-w c:\windows\bthservsdp.dat
2009-05-05 23:33 . 2007-08-02 01:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 20:12 . 2008-08-21 19:29 137694 ----a-w c:\windows\HPHins15.dat
2009-05-05 19:49 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infpub.dat
2009-05-05 19:49 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-05 19:49 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-05 18:05 . 2008-09-10 02:03 -------- d-----w c:\program files\QuickTime
2009-05-05 18:04 . 2008-08-14 19:35 -------- d-----w c:\program files\Common Files\Apple
2009-05-05 17:43 . 2008-03-08 01:00 -------- d-----w c:\program files\Common Files\AOL
2009-05-04 15:57 . 2008-08-15 19:59 -------- d-----w c:\program files\Uniblue
2009-05-04 02:19 . 2009-05-04 01:14 7316 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-04 00:54 . 2008-03-08 01:18 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-04 00:48 . 2007-08-02 01:46 -------- d-----w c:\program files\Sony
2009-04-29 13:44 . 2008-03-08 01:00 -------- d-----w c:\program files\CONEXANT
2009-04-28 19:50 . 2008-08-19 06:02 66387 ----a-w c:\users\Kevin\AppData\Roaming\nvModes.dat
2009-04-25 01:48 . 2008-08-14 15:49 78224 ----a-w c:\users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-24 18:46 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-01 18:34 . 2009-04-01 18:34 231176 ----a-w c:\windows\system32\PDBoot.exe
2009-04-01 00:30 . 2008-12-31 02:15 -------- d-----w c:\program files\PeerGuardian2
2009-03-27 12:14 . 2007-08-02 01:36 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-25 16:34 . 2007-08-02 01:51 -------- d-----w c:\program files\Java
2009-03-25 16:11 . 2009-03-25 16:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-24 18:50 . 2009-03-24 18:50 -------- d-----w c:\program files\Ableton
2009-03-23 01:40 . 2007-08-02 01:49 -------- d-----w c:\program files\Common Files\Adobe
2009-03-17 03:38 . 2009-04-16 17:30 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 17:30 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-16 01:46 . 2009-03-16 01:46 -------- d-----w c:\program files\Ventrilo
2009-03-16 01:42 . 2009-03-16 01:42 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-11 19:50 . 2009-03-11 19:50 -------- d-----w c:\program files\ImgBurn
2009-03-11 19:39 . 2009-03-11 19:39 -------- d-----w c:\program files\Smart Projects
2009-03-09 09:19 . 2009-01-02 22:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-16 17:31 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 17:31 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 17:30 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 17:31 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 17:31 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 17:31 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 17:30 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 17:31 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 17:31 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 17:31 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 17:31 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 17:31 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 17:30 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 17:30 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-09 03:10 . 2009-03-11 08:58 2033152 ----a-w c:\windows\system32\win32k.sys
2008-09-23 23:40 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-08-02 01:57 . 2007-08-02 01:54 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 45056]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-29 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-29 92704]

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-6-22 739880]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w c:\windows\System32\VESWinlogon.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi8"= mapledxp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0A3F532-AD36-4BE6-ADDA-EB0A8327438D}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{985CE9C9-EB77-449F-A6ED-F103D35C1B39}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{8CEDA0E0-B9D1-4418-86C0-43C2D35CD6EB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E89F75D5-D2B9-40A5-9395-0428EA23BE49}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AA50AFF4-FB6F-4789-B23D-7D532BA44D81}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{CFDE309B-6830-4A72-A5F3-D5BB8FED22E9}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{829295B9-343B-4DEA-B282-1BDF67A8C638}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9EA13495-652F-42D8-86FD-67A07A53036A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B0A486CD-FC9B-4F87-818A-5D9EB595FA22}c:\\program files\\deusty\\mojo\\mojo.exe"= UDP:c:\program files\deusty\mojo\mojo.exe:Mojo
"UDP Query User{E5EBB115-18D3-402D-BB73-DF39727D2420}c:\\program files\\deusty\\mojo\\mojo.exe"= TCP:c:\program files\deusty\mojo\mojo.exe:Mojo
"TCP Query User{CD9E9C9A-CCCE-46DF-ACE9-52B47885C446}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{A567F42E-B199-4754-B0D2-CD79B1114367}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"{0E77CA67-6B7C-4A9C-B612-821A86927C84}"= UDP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{F609FF6A-6498-4388-BB63-A90C09B2FEDF}"= TCP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{E287BCCB-1FC8-4071-9A79-F70D9C03EDBD}"= UDP:c:\program files\Uniblue\PowerSuite\PowerSuite.exe:PowerSuite
"{6B0E3AB4-1316-4E1D-A29C-9BE4204E62ED}"= TCP:c:\program files\Uniblue\PowerSuite\PowerSuite.exe:PowerSuite
"{9B2DBAE2-618D-4EAC-B085-44FB1AA00074}"= UDP:c:\program files\Uniblue\SpyEraser\SpyEraser.exe:SpyEraser
"{24D5E23D-B3E8-44AB-991B-4C7155E7E307}"= TCP:c:\program files\Uniblue\SpyEraser\SpyEraser.exe:SpyEraser
"{4CC10D34-68C7-4133-858B-9A96549AA613}"= UDP:c:\program files\i2p\i2p.exe:Start I2P (no window)
"{6BC3589E-6DDA-43EA-AE93-D7921542973E}"= TCP:c:\program files\i2p\i2p.exe:Start I2P (no window)
"{4BB3A6FE-2DA4-46EF-906D-7F5763F156B1}"= UDP:c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe:SpeedUpMyPC 3
"{59F87675-8093-44A9-93C0-939C6996BD9E}"= TCP:c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe:SpeedUpMyPC 3
"{6616F0B3-DAED-465B-842F-EF9925AE6CFC}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{2F2A5982-CF86-4696-9EEB-3BF654523A12}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{17961E8F-A42C-4A9B-BD69-1F3BCBA86C00}"= UDP:c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe:RegistryBooster 2
"{0CEF7815-2DBC-4695-9923-2879D4A986FB}"= TCP:c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe:RegistryBooster 2
"TCP Query User{BC76FAAD-0C2F-428A-AE6D-0E71E34CBF51}c:\\program files\\vuze\\azureus.exe"= Disabled:UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D48F074E-9EF9-48D4-A1B4-52C20BFBD7CD}c:\\program files\\vuze\\azureus.exe"= Disabled:TCP:c:\program files\vuze\azureus.exe:Azureus
"{601EF037-9DD8-41F0-88A7-96A7B5DD29DB}"= UDP:c:\program files\DC++\DCPlusPlus.exe:DC++
"{D5C7A546-22E9-4D3C-B938-6DAA0555EA58}"= TCP:c:\program files\DC++\DCPlusPlus.exe:DC++
"TCP Query User{C324ED01-3ADA-4DDA-8FE6-316CC641FB04}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6F1BF4D7-770F-4C9C-8E27-737CB794EAF8}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{23D79993-DF54-4250-8384-86994D0307F9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C5F57D9-38D2-4921-9151-0EE4067A2F17}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{41DEC0BF-CB26-45FB-96B4-D925A29DF796}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{594B051A-D1A3-489D-82D1-06DF6CE2C814}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{2AEC96D9-AD7A-49B0-80C7-422B0DBA29B3}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{3BE3AFF0-1175-4111-B995-45C81092803F}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{13ADAE87-3CC2-45A6-BAE1-BA9E8A3A63BD}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{BDB5AF0B-D499-4486-B7F9-FDFFC70FF072}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{5E61B5EA-5BD9-4443-A21A-96AF93D96613}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{610BF845-1EA1-4D60-B0BA-C52CB3BF2832}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{9781D41B-0D67-4E2B-9AC4-1554F0FEFDD5}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{96A7950A-4043-42EA-94B2-6DBAD4427685}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{0EEA5B44-4D66-40CA-8AC1-E70003C83A2F}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{F4CCE4AA-C9CB-46D2-8496-DA3177D5B498}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= UDP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"UDP Query User{4BD72DA0-AEAE-4A47-952C-DD9086EF877A}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= TCP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"TCP Query User{748E0FFE-25D9-4F63-B33A-8E2F58DCD01C}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{66B5407E-50A0-4451-BA86-AFDF02071AE5}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{65F9B9AD-011D-4F97-B076-1A143A38E952}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{CE4E7D2A-093F-42E3-A1B3-458D7FC8CC26}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{5CF5A750-F24F-4342-B229-82B79D1F81B2}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{235C4FC7-59D2-4C56-A39B-536223E23973}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{EBAFA8EB-8E07-4128-BEAA-00FE13FE500D}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{6BED4D87-8556-45DA-B195-0B51146AEC8A}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{A03E8A44-AB6D-4898-BD85-835A22B60E79}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{83439E39-A724-481E-94B8-CC00C4A913EA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisableNotifications"= 1 (0x1)

R1 mapledxp;mapledxp;c:\windows\System32\drivers\mapledxp.sys [1/2/2009 3:59 PM 24720]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [8/1/2007 9:51 PM 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [8/1/2007 9:51 PM 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [8/1/2007 9:51 PM 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [8/1/2007 9:51 PM 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8/1/2007 9:34 PM 28464]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [3/7/2008 9:22 PM 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [3/7/2008 9:22 PM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [3/7/2008 9:22 PM 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [8/1/2007 9:59 PM 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [8/1/2007 10:00 PM 79736]

--- Other Services/Drivers In Memory ---

*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SPBBCDrv
*Deregistered* - SRTSPX
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0121a6b8-b4fb-11dd-b0cd-001e3d00e556}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0121a6c2-b4fb-11dd-b0cd-001e3d00e556}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e1dc49a-6a32-11dd-9b75-001e3d00e556}]
\shell\AutoRun\command - G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9fa6edf-0425-11de-ac49-001e3d00e556}]
\shell\AutoRun\command - I:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-09 c:\windows\Tasks\User_Feed_Synchronization-{F2BE1CE1-470E-4484-A433-A0DDA4C83508}.job
- c:\windows\system32\msfeedssync.exe [2008-09-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vtyebn7m.default\
FF - prefs.js: browser.startup.homepage - hxxp://maddox.xmission.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 12:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3136595455-374927726-2643928706-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CA64D3B2-3BB7-9DB8-2E4C-2CB22B3A707A}*]
"haiiacofcjjnmhha"=hex:6a,61,70,62,63,64,6a,6a,6c,6a,64,64,6c,67,6a,69,6e,6a,
63,69,00,00

[HKEY_USERS\S-1-5-21-3136595455-374927726-2643928706-1002\Software\SecuROM\License information*]
"datasecu"=hex:63,07,f0,d5,f4,f6,eb,2b,ad,f3,cb,e7,fc,c3,f9,b2,e5,18,80,7c,65,
ba,cb,8f,27,8c,19,5b,a4,2d,21,46,d5,87,53,1b,2e,86,6d,45,8f,79,73,73,77,15,\
"rkeysecu"=hex:35,69,63,20,9a,0d,42,63,70,ee,b8,fa,fe,86,65,d6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-09 12:10
ComboFix-quarantined-files.txt 2009-05-09 16:10

Pre-Run: 4,441,210,880 bytes free
Post-Run: 4,627,914,752 bytes free

345 --- E O F --- 2009-05-05 00:40
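Added example, not part of Sighte's post and not ComboFix code: a small Python triage script for the "Reg Loading Points" section of a ComboFix log like the one above. It parses the three blocks an analyst reads first (the Run keys, the FirewallRules allow list and the per-volume mountpoints2 AutoRun commands) and raises the flags a reviewer of such a log looks for: a Run entry launched from outside Program Files or Windows, an enabled inbound rule for P2P or anonymity software, a rule whose "(TCP-In)"/"(UDP-In)" label disagrees with its protocol field (the two µTorrent rules in the log above show exactly that swap, so the label should be checked in wf.msc rather than trusted), and every cached AutoRun command registered for a removable drive. The sample lines are constructed in the log's format; the "Updater" Run entry under AppData\Roaming is invented for the demonstration and does not appear in the posted log, and the watch-list words are a heuristic of this example, not a ComboFix feature.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample in the ComboFix format. The Apoint, uTorrent, VAIO Media, Skype and
# AutoRun lines mirror the posted log; the "Updater" Run entry is invented for this demo.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"Updater"="c:\users\kevin\appdata\roaming\updater.exe" [2009-05-01 45056]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{829295B9-343B-4DEA-B282-1BDF67A8C638}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{AA50AFF4-FB6F-4789-B23D-7D532BA44D81}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{23D79993-DF54-4250-8384-86994D0307F9}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\wdsync.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0121a6b8-b4fb-11dd-b0cd-001e3d00e556}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
"""


@dataclass
class RunEntry:
    name: str
    path: str
    date: str
    size: int


@dataclass
class FirewallRule:
    key: str
    proto: str       # "TCP", "UDP", or "" when the rule line carries no protocol
    path: str
    desc: str
    disabled: bool


SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
FW_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<disabled>Disabled:)?(?:(?P<proto>TCP|UDP):)?'
                   r"(?P<path>[A-Za-z]:[^:]*):(?P<desc>.*)$")
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$")


def parse_loading_points(text):
    """Return (run_entries, firewall_rules, autoruns) found under the matching section headers."""
    runs, rules, autoruns = [], [], []
    section = ""
    for line in text.splitlines():
        line = line.rstrip()
        if m := SECTION_RE.match(line):
            section = m["key"]          # every following line belongs to this registry key
            continue
        lower = section.lower()
        if lower.endswith(r"\currentversion\run") and (m := RUN_RE.match(line)):
            runs.append(RunEntry(m["name"], m["path"], m["date"], int(m["size"])))
        elif lower.endswith("firewallrules") and (m := FW_RE.match(line)):
            rules.append(FirewallRule(m["key"], m["proto"] or "", m["path"], m["desc"], bool(m["disabled"])))
        elif "mountpoints2" in lower and (m := AUTORUN_RE.match(line)):
            autoruns.append((section.rsplit("\\", 1)[-1], m["cmd"]))   # (volume id, command)
    return runs, rules, autoruns


STANDARD_DIRS = ("c:\\program files\\", "c:\\windows\\")
# Heuristic watch-list, an assumption of this example: enabled inbound allow rules for these
# P2P/anonymity clients deserve a second look on a machine under investigation.
WATCH_WORDS = ("utorrent", "azureus", "vuze", "dcplusplus", "dc++", "i2p")
LABEL_RE = re.compile(r"\((TCP|UDP)-In\)")


def triage(text):
    """Run the parser and return a list of (flag, detail) tuples for an analyst to review."""
    runs, rules, autoruns = parse_loading_points(text)
    findings = []
    for r in runs:
        # Autostarts launched from a user profile or temp path rather than Program Files/Windows.
        if not r.path.lower().startswith(STANDARD_DIRS):
            findings.append(("run-outside-program-dirs", f"{r.name} -> {r.path} [{r.date}, {r.size} bytes]"))
    for f in rules:
        if f.disabled:
            continue                    # a Disabled: rule opens nothing
        if any(w in (f.path + " " + f.desc).lower() for w in WATCH_WORDS):
            findings.append(("inbound-allow-watchlist", f"{f.proto or '*'} {f.path}"))
        label = LABEL_RE.search(f.desc)
        # The "(TCP-In)"/"(UDP-In)" tag in the description is free text; the protocol field is
        # what the rule enforces, so a disagreement means: verify the rule in wf.msc.
        if label and f.proto and label[1] != f.proto:
            findings.append(("protocol-label-mismatch", f"{f.key}: field={f.proto} label={label[1]}"))
    for volume, cmd in autoruns:
        # MountPoints2 caches the drive's autorun.inf; Explorer launched this command when the
        # drive was double-clicked, so the binary on the removable media should be accounted for.
        findings.append(("removable-autorun", f"{volume}: {cmd}"))
    return findings


if __name__ == "__main__":
    for flag, detail in triage(SAMPLE_LOG):
        print(f"{flag:26} {detail}")
```

Run it against a saved ComboFix.txt by passing the file's contents to triage(); the parser keys on the section headers, so the rest of the log is ignored. The flags are review prompts, not verdicts: on the machine in this thread the AutoRun entries point at a Western Digital sync tool and a SanDisk U3 launcher, which is consistent with ordinary USB drives, but the check is worth running because a cached AutoRun command is exactly where removable-media malware of that era left its trace.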

#7 Sighte (Topic Starter, Member, 11 posts)
OTListIt logfile created on: 5/9/2009 3:18:33 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.31% Memory free
4.00 Gb Paging File | 2.80 Gb Available in Paging File | 69.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.65 Gb Total Space | 4.41 Gb Free Space | 3.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298.02 Gb Total Space | 34.45 Gb Free Space | 11.56% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPPY290
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/10/31 10:32:09 | 02,541,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2006/12/14 05:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/01/29 16:12:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2006/10/26 23:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 18:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 04:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2009/04/01 14:34:24 | 00,922,888 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent [Auto | Running])
SRV - [2009/04/01 14:34:26 | 01,025,288 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine [On_Demand | Stopped])
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2006/12/14 05:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2007/06/12 08:55:28 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\system32\stacsv.exe -- (STacSV [Auto | Running])
SRV - [2007/06/28 11:53:04 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2007/07/24 22:26:38 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
SRV - [2007/06/20 19:35:06 | 02,523,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
SRV - [2007/06/20 19:34:52 | 00,499,712 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2007/01/10 20:51:06 | 00,745,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP [On_Demand | Stopped])
SRV - [2007/07/13 13:55:56 | 00,292,152 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr [On_Demand | Stopped])
SRV - [2007/07/05 20:43:04 | 00,079,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper [On_Demand | Stopped])
SRV - [2007/06/28 11:52:48 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
SRV - [2007/06/28 11:53:00 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
SRV - [2007/06/28 11:53:02 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/07/03 07:11:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://maddox.xmission.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/03 16:53:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/05 14:50:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/05 14:50:42 | 00,000,000 | ---D | M]

[2009/04/24 15:52:48 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2008/08/14 12:00:52 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/24 15:52:48 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/07 18:31:57 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\vtyebn7m.default\extensions
[2009/02/17 22:30:41 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\vtyebn7m.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/04/24 15:11:04 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\vtyebn7m.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/05/05 14:10:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 00:16:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/29 14:00:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/08/14 15:09:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/02 18:17:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/25 12:35:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 00:16:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 00:16:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/07 17:38:31 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/07 17:38:31 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/21 12:12:56 | 00,002,216 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2009/03/07 17:38:31 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/07 17:38:31 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/07 17:38:31 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/07 17:38:31 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/07 17:38:31 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305853 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 10531 more lines...
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1 (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" (Sony Electronics, Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe ()
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/12/21 14:56:46 | 00,000,069 | -H-- | M] () - G:\autorun.in_2.org -- [ FAT32 ]
O33 - MountPoints2\{0121a6b8-b4fb-11dd-b0cd-001e3d00e556}\Shell - "" = AutoRun
O33 - MountPoints2\{0121a6b8-b4fb-11dd-b0cd-001e3d00e556}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0121a6c2-b4fb-11dd-b0cd-001e3d00e556}\Shell - "" = AutoRun
O33 - MountPoints2\{0121a6c2-b4fb-11dd-b0cd-001e3d00e556}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6e1dc49a-6a32-11dd-9b75-001e3d00e556}\Shell\AutoRun\command - "" = G:\wdsync.exe -- [2007/12/18 13:03:22 | 04,574,208 | ---- | M] ()
O33 - MountPoints2\{a9fa6edf-0425-11de-ac49-001e3d00e556}\Shell - "" = AutoRun
O33 - MountPoints2\{a9fa6edf-0425-11de-ac49-001e3d00e556}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\wdsync.exe -- [2007/12/18 13:03:22 | 04,574,208 | ---- | M] ()
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\system32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== LOP Check ==========

[2009/05/06 22:00:19 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming
[2009/03/24 15:08:20 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Ableton
[2008/08/27 20:51:49 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\AccurateRip
[2008/10/04 14:21:52 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Adobe
[2009/03/10 22:50:34 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Apple Computer
[2009/05/05 20:01:33 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Audacity
[2008/08/17 11:54:28 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Azureus
[2008/09/01 07:17:29 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\CiscoCAA
[2008/10/04 14:21:55 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/13 17:11:58 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Corel
[2008/08/18 22:09:26 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools
[2008/09/11 21:34:38 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\dBpoweramp
[2008/08/21 22:36:03 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Deusty
[2008/08/17 13:31:28 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DivX
[2009/05/06 15:24:38 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Dropbox
[2008/11/10 00:48:57 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Folding@home-x86
[2008/09/04 12:27:19 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Google
[2008/08/26 15:26:39 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\HP
[2008/08/21 15:39:22 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\HPAppData
[2008/08/14 11:49:36 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Identities
[2009/03/23 12:16:16 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ImgBurn
[2008/08/15 09:38:16 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\InterVideo
[2009/04/29 00:46:44 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\IObit
[2008/08/14 11:50:08 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Macromedia
[2009/05/06 14:30:10 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs
[2008/11/18 21:13:55 | 00,000,000 | --SD | M] -- C:\Users\Kevin\AppData\Roaming\Microsoft
[2008/08/14 12:00:52 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2008/08/29 18:05:06 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Nero
[2008/09/23 17:32:42 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NetMedia Providers
[2009/05/05 13:39:36 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Participatory Culture Foundation
[2008/12/31 02:03:14 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Propellerhead Software
[2008/09/23 17:32:42 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Publish Providers
[2008/08/19 00:08:47 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Roxio
[2008/09/07 19:20:12 | 00,000,000 | R--D | M] -- C:\Users\Kevin\AppData\Roaming\SecuROM
[2009/04/04 17:05:33 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Skype
[2009/04/04 16:07:55 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\skypePM
[2009/04/24 15:52:31 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Songbird2
[2009/05/06 22:00:19 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sonic Solutions
[2008/12/01 20:33:40 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sony
[2008/08/14 15:00:45 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sony Corporation
[2008/11/18 18:56:28 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Template
[2009/05/04 11:58:12 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Uniblue
[2009/05/08 23:15:08 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\uTorrent
[2008/12/30 19:58:29 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\VistaAudio
[2008/12/30 20:28:38 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\vlc
[2008/08/15 15:58:38 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinRAR
[2009/05/05 18:00:00 | 00,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2009/05/06 15:22:07 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/05/06 15:22:07 | 00,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/05/02 15:59:00 | 00,000,270 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/08/15 15:59:27 | 00,000,392 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC.job
[2008/08/17 22:47:56 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpyEraser.job
[2009/05/09 15:15:12 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F2BE1CE1-470E-4484-A433-A0DDA4C83508}.job

========== Purity Check ==========

< End of report >
  • 0

#8
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

REGNULL::
[HKEY_USERS\S-1-5-21-3136595455-374927726-2643928706-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CA64D3B2-3BB7-9DB8-2E4C-2CB22B3A707A}*]

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0121a6b8-b4fb-11dd-b0cd-001e3d00e556}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0121a6c2-b4fb-11dd-b0cd-001e3d00e556}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e1dc49a-6a32-11dd-9b75-001e3d00e556}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9fa6edf-0425-11de-ac49-001e3d00e556}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#9
Sighte

    Member

  • Topic Starter
  • Member
  • 11 posts
ComboFix 09-05-08.03 - Kevin 05/09/2009 21:35.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.903 [GMT -4:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\users\Kevin\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.

2009-05-08 03:38 . 2009-05-08 03:38 -------- d-----w c:\users\Kevin\AppData\Local\Blizzard Entertainment
2009-05-07 02:00 . 2009-05-07 02:00 -------- d-----w c:\users\Kevin\AppData\Roaming\Sonic Solutions
2009-05-06 19:38 . 2009-05-06 19:38 -------- d-----w C:\_OTListIt
2009-05-06 19:31 . 2009-05-09 03:18 -------- d-----w C:\Rooter$
2009-05-06 18:30 . 2009-05-06 18:30 -------- d-----w c:\users\Kevin\AppData\Roaming\Malwarebytes
2009-05-06 18:30 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 18:29 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 18:29 . 2009-05-06 18:29 -------- d-----w c:\programdata\Malwarebytes
2009-05-06 18:29 . 2009-05-06 18:29 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-06 18:29 . 2009-05-06 18:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-06 18:28 . 2009-05-06 18:28 -------- d-----w c:\program files\ERUNT
2009-05-06 18:22 . 2009-05-06 18:24 -------- d-----w c:\users\Kevin\.idlerc
2009-05-06 01:07 . 2009-05-06 18:24 -------- d-----w C:\Python
2009-05-05 20:03 . 2009-05-05 23:19 -------- d-----w c:\users\Kevin\AppData\Local\Panda Software
2009-05-05 19:55 . 2009-05-05 19:55 -------- d-----w c:\programdata\sentinel
2009-05-05 19:55 . 2009-05-05 19:55 -------- d-----w c:\users\All Users\sentinel
2009-05-05 19:47 . 2009-05-05 19:47 -------- d-----w c:\programdata\Backup
2009-05-05 19:47 . 2009-05-05 19:47 -------- d-----w c:\users\All Users\Backup
2009-05-05 19:41 . 2009-05-05 23:33 -------- d-----w c:\program files\Common Files\Panda Software
2009-05-05 18:50 . 2009-05-05 18:50 -------- d-----w c:\program files\QT Lite
2009-05-05 17:53 . 2009-05-05 17:53 -------- d-----w c:\program files\WinDirStat
2009-05-05 17:40 . 2009-05-05 17:40 -------- d-----w c:\program files\CCleaner
2009-05-05 17:39 . 2009-05-05 17:39 -------- d-----w c:\users\Kevin\AppData\Roaming\Participatory Culture Foundation
2009-05-05 17:38 . 2009-05-05 17:49 -------- d-----w c:\program files\Trillian
2009-05-05 17:38 . 2009-05-05 17:43 -------- d-----w c:\program files\Participatory Culture Foundation
2009-05-05 03:43 . 2009-05-05 03:44 16742799 ----a-w c:\programdata\vlc-0.9.9-win32.exe
2009-05-05 03:43 . 2009-05-05 03:44 16742799 ----a-w c:\users\All Users\vlc-0.9.9-win32.exe
2009-05-04 02:12 . 2009-05-04 02:12 -------- d-----w c:\program files\Trend Micro
2009-05-04 01:14 . 2009-05-04 02:19 465952 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-04 01:00 . 2009-05-04 02:08 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-04 01:00 . 2009-05-04 02:08 -------- d-----w c:\programdata\ParetoLogic
2009-05-04 01:00 . 2009-05-04 02:08 -------- d-----w c:\users\All Users\ParetoLogic
2009-05-04 00:55 . 2009-05-05 23:33 -------- d-----w c:\program files\Panda Security
2009-05-01 22:12 . 2009-05-01 22:20 -------- d-----w c:\program files\Common Files\Axara
2009-05-01 22:12 . 2003-05-22 02:50 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-05-01 19:51 . 2004-09-10 17:50 34820 ----a-w c:\windows\system32\ffdshow.reg
2009-05-01 19:51 . 2007-01-01 09:30 200704 ----a-w c:\windows\system32\TomsMoComp_ff.dll
2009-05-01 19:51 . 2007-03-25 04:51 404480 ----a-w c:\windows\system32\libmplayer.dll
2009-05-01 19:51 . 2007-03-25 04:51 114688 ----a-w c:\windows\system32\libmpeg2_ff.dll
2009-05-01 19:51 . 2007-03-25 04:51 3049984 ----a-w c:\windows\system32\libavcodec.dll
2009-04-29 20:10 . 2009-05-09 01:09 62989 ----a-w c:\programdata\nvModes.dat
2009-04-29 20:10 . 2009-05-09 01:09 62989 ----a-w c:\users\All Users\nvModes.dat
2009-04-29 20:10 . 2009-04-29 20:12 -------- d-----w c:\programdata\NVIDIA
2009-04-29 20:10 . 2009-04-29 20:12 -------- d-----w c:\users\All Users\NVIDIA
2009-04-29 18:17 . 2009-01-29 20:12 203296 ----a-w c:\windows\system32\nvvsvc.exe
2009-04-29 18:17 . 2009-01-29 20:12 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-04-29 18:17 . 2009-01-29 20:12 795104 ----a-w c:\windows\system32\dpinst.exe
2009-04-29 16:24 . 2009-04-29 16:24 -------- d-----w C:\NVIDIA
2009-04-29 13:42 . 2008-07-03 11:11 8704 ----a-w c:\windows\system32\drivers\XAudio.sys
2009-04-29 13:42 . 2008-07-03 11:11 229376 ----a-w c:\windows\system32\UCI32M27.dll
2009-04-29 13:42 . 2008-07-03 11:11 985600 ----a-w c:\windows\system32\drivers\HSX_DPV.sys
2009-04-29 13:42 . 2008-07-03 11:11 661504 ----a-w c:\windows\system32\drivers\HSX_CNXT.sys
2009-04-29 13:42 . 2008-07-03 11:11 209408 ----a-w c:\windows\system32\drivers\HSXHWAZL.sys
2009-04-29 05:35 . 2009-04-29 05:35 -------- d-----w c:\users\Kevin\AppData\Local\Innovative Solutions
2009-04-29 05:28 . 2004-06-14 18:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-04-29 05:19 . 2009-04-29 05:19 -------- d-----w c:\program files\PC Drivers HeadQuarters
2009-04-29 05:03 . 2009-04-29 05:03 -------- d-----w c:\programdata\PC Drivers HeadQuarters
2009-04-29 05:03 . 2009-04-29 05:03 -------- d-----w c:\users\All Users\PC Drivers HeadQuarters
2009-04-29 04:43 . 2009-04-29 04:43 -------- d-----w c:\programdata\Raxco
2009-04-29 04:43 . 2009-04-29 04:43 -------- d-----w c:\users\All Users\Raxco
2009-04-29 04:41 . 2009-04-29 04:43 -------- d-----w c:\program files\Raxco
2009-04-29 01:18 . 2009-04-29 04:46 -------- d-----w c:\users\Kevin\AppData\Roaming\IObit
2009-04-29 01:18 . 2009-04-29 01:18 -------- d-----w c:\program files\IObit
2009-04-27 03:39 . 2009-04-27 03:46 -------- d-----w c:\program files\Image-Line
2009-04-25 01:34 . 2009-04-25 01:39 -------- d-----w c:\program files\VirtualDJ
2009-04-24 19:52 . 2009-04-24 19:52 -------- d-----w c:\users\Kevin\AppData\Local\Songbird2
2009-04-24 19:52 . 2009-04-24 19:52 -------- d-----w c:\users\Kevin\AppData\Roaming\Songbird2
2009-04-24 19:51 . 2009-04-25 19:10 -------- d-----w c:\program files\Songbird
2009-04-24 18:41 . 2009-04-27 03:39 -------- d-----w c:\program files\VstPlugins
2009-04-24 18:35 . 2009-04-24 18:35 -------- d-----w c:\program files\Outsim
2009-04-16 22:12 . 2008-08-18 02:09 117760 ----a-w c:\windows\system32\hpzll64X.dll
2009-04-16 17:30 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 02:42 . 2009-04-15 02:42 2134016 ----a-w c:\windows\system32\python26.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 00:51 . 2008-03-08 01:28 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-10 00:51 . 2008-08-14 19:03 -------- d-----w c:\program files\Symantec
2009-05-10 00:51 . 2008-08-14 19:03 -------- d-----w c:\program files\Symantec AntiVirus
2009-05-08 16:04 . 2008-08-19 05:56 -------- d-----w c:\program files\Diablo II
2009-05-06 19:20 . 2007-08-02 01:03 1660 ----a-w c:\windows\bthservsdp.dat
2009-05-05 23:33 . 2007-08-02 01:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 20:12 . 2008-08-21 19:29 137694 ----a-w c:\windows\HPHins15.dat
2009-05-05 19:49 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infpub.dat
2009-05-05 19:49 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-05 19:49 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-05 18:05 . 2008-09-10 02:03 -------- d-----w c:\program files\QuickTime
2009-05-05 18:04 . 2008-08-14 19:35 -------- d-----w c:\program files\Common Files\Apple
2009-05-05 17:43 . 2008-03-08 01:00 -------- d-----w c:\program files\Common Files\AOL
2009-05-04 15:57 . 2008-08-15 19:59 -------- d-----w c:\program files\Uniblue
2009-05-04 02:19 . 2009-05-04 01:14 7316 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-04 00:54 . 2008-03-08 01:18 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-04 00:48 . 2007-08-02 01:46 -------- d-----w c:\program files\Sony
2009-04-29 13:44 . 2008-03-08 01:00 -------- d-----w c:\program files\CONEXANT
2009-04-28 19:50 . 2008-08-19 06:02 66387 ----a-w c:\users\Kevin\AppData\Roaming\nvModes.dat
2009-04-25 01:48 . 2008-08-14 15:49 78224 ----a-w c:\users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-24 18:46 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-01 18:34 . 2009-04-01 18:34 231176 ----a-w c:\windows\system32\PDBoot.exe
2009-04-01 00:30 . 2008-12-31 02:15 -------- d-----w c:\program files\PeerGuardian2
2009-03-27 12:14 . 2007-08-02 01:36 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-25 16:34 . 2007-08-02 01:51 -------- d-----w c:\program files\Java
2009-03-25 16:11 . 2009-03-25 16:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-24 18:50 . 2009-03-24 18:50 -------- d-----w c:\program files\Ableton
2009-03-23 01:40 . 2007-08-02 01:49 -------- d-----w c:\program files\Common Files\Adobe
2009-03-17 03:38 . 2009-04-16 17:30 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 17:30 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-16 01:46 . 2009-03-16 01:46 -------- d-----w c:\program files\Ventrilo
2009-03-16 01:42 . 2009-03-16 01:42 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-11 19:50 . 2009-03-11 19:50 -------- d-----w c:\program files\ImgBurn
2009-03-11 19:39 . 2009-03-11 19:39 -------- d-----w c:\program files\Smart Projects
2009-03-09 09:19 . 2009-01-02 22:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-16 17:31 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 17:31 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 17:30 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 17:31 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 17:31 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 17:31 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 17:30 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 17:31 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 17:31 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 17:31 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 17:31 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 17:31 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 17:30 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 17:30 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-09 03:10 . 2009-03-11 08:58 2033152 ----a-w c:\windows\system32\win32k.sys
2008-09-23 23:40 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-08-02 01:57 . 2007-08-02 01:54 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-09_16.07.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-26 02:44 . 2006-08-26 02:44 89600 c:\windows\System32\atl71.dll
+ 2008-09-23 23:35 . 2009-05-10 00:44 429998 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-07-11 22:35 . 2006-07-11 22:35 348160 c:\windows\System32\msvcr71.dll
- 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\System32\msvcr71.dll
+ 2006-07-11 22:35 . 2006-07-11 22:35 503808 c:\windows\System32\msvcp71.dll
+ 2008-03-08 01:29 . 2007-08-12 00:05 511328 c:\windows\System32\capicom.dll
+ 2006-08-26 03:47 . 2006-08-26 03:47 1053184 c:\windows\System32\mfc71u.dll
- 2006-07-12 03:02 . 2006-07-12 03:02 1053184 c:\windows\System32\MFC71u.dll
+ 2006-08-26 03:23 . 2006-08-26 03:23 1060864 c:\windows\System32\mfc71.dll
- 2006-07-12 02:43 . 2006-07-12 02:43 1060864 c:\windows\System32\MFC71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 45056]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-29 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-29 92704]

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-6-22 739880]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w c:\windows\System32\VESWinlogon.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi8"= mapledxp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0A3F532-AD36-4BE6-ADDA-EB0A8327438D}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{985CE9C9-EB77-449F-A6ED-F103D35C1B39}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{8CEDA0E0-B9D1-4418-86C0-43C2D35CD6EB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E89F75D5-D2B9-40A5-9395-0428EA23BE49}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AA50AFF4-FB6F-4789-B23D-7D532BA44D81}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{CFDE309B-6830-4A72-A5F3-D5BB8FED22E9}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{829295B9-343B-4DEA-B282-1BDF67A8C638}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9EA13495-652F-42D8-86FD-67A07A53036A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B0A486CD-FC9B-4F87-818A-5D9EB595FA22}c:\\program files\\deusty\\mojo\\mojo.exe"= UDP:c:\program files\deusty\mojo\mojo.exe:Mojo
"UDP Query User{E5EBB115-18D3-402D-BB73-DF39727D2420}c:\\program files\\deusty\\mojo\\mojo.exe"= TCP:c:\program files\deusty\mojo\mojo.exe:Mojo
"TCP Query User{CD9E9C9A-CCCE-46DF-ACE9-52B47885C446}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{A567F42E-B199-4754-B0D2-CD79B1114367}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"{0E77CA67-6B7C-4A9C-B612-821A86927C84}"= UDP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{F609FF6A-6498-4388-BB63-A90C09B2FEDF}"= TCP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{E287BCCB-1FC8-4071-9A79-F70D9C03EDBD}"= UDP:c:\program files\Uniblue\PowerSuite\PowerSuite.exe:PowerSuite
"{6B0E3AB4-1316-4E1D-A29C-9BE4204E62ED}"= TCP:c:\program files\Uniblue\PowerSuite\PowerSuite.exe:PowerSuite
"{9B2DBAE2-618D-4EAC-B085-44FB1AA00074}"= UDP:c:\program files\Uniblue\SpyEraser\SpyEraser.exe:SpyEraser
"{24D5E23D-B3E8-44AB-991B-4C7155E7E307}"= TCP:c:\program files\Uniblue\SpyEraser\SpyEraser.exe:SpyEraser
"{4CC10D34-68C7-4133-858B-9A96549AA613}"= UDP:c:\program files\i2p\i2p.exe:Start I2P (no window)
"{6BC3589E-6DDA-43EA-AE93-D7921542973E}"= TCP:c:\program files\i2p\i2p.exe:Start I2P (no window)
"{4BB3A6FE-2DA4-46EF-906D-7F5763F156B1}"= UDP:c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe:SpeedUpMyPC 3
"{59F87675-8093-44A9-93C0-939C6996BD9E}"= TCP:c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe:SpeedUpMyPC 3
"{6616F0B3-DAED-465B-842F-EF9925AE6CFC}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{2F2A5982-CF86-4696-9EEB-3BF654523A12}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{17961E8F-A42C-4A9B-BD69-1F3BCBA86C00}"= UDP:c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe:RegistryBooster 2
"{0CEF7815-2DBC-4695-9923-2879D4A986FB}"= TCP:c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe:RegistryBooster 2
"TCP Query User{BC76FAAD-0C2F-428A-AE6D-0E71E34CBF51}c:\\program files\\vuze\\azureus.exe"= Disabled:UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D48F074E-9EF9-48D4-A1B4-52C20BFBD7CD}c:\\program files\\vuze\\azureus.exe"= Disabled:TCP:c:\program files\vuze\azureus.exe:Azureus
"{601EF037-9DD8-41F0-88A7-96A7B5DD29DB}"= UDP:c:\program files\DC++\DCPlusPlus.exe:DC++
"{D5C7A546-22E9-4D3C-B938-6DAA0555EA58}"= TCP:c:\program files\DC++\DCPlusPlus.exe:DC++
"TCP Query User{C324ED01-3ADA-4DDA-8FE6-316CC641FB04}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6F1BF4D7-770F-4C9C-8E27-737CB794EAF8}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{23D79993-DF54-4250-8384-86994D0307F9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C5F57D9-38D2-4921-9151-0EE4067A2F17}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{41DEC0BF-CB26-45FB-96B4-D925A29DF796}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{594B051A-D1A3-489D-82D1-06DF6CE2C814}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{2AEC96D9-AD7A-49B0-80C7-422B0DBA29B3}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{3BE3AFF0-1175-4111-B995-45C81092803F}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{13ADAE87-3CC2-45A6-BAE1-BA9E8A3A63BD}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{BDB5AF0B-D499-4486-B7F9-FDFFC70FF072}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{5E61B5EA-5BD9-4443-A21A-96AF93D96613}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{610BF845-1EA1-4D60-B0BA-C52CB3BF2832}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{9781D41B-0D67-4E2B-9AC4-1554F0FEFDD5}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{96A7950A-4043-42EA-94B2-6DBAD4427685}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{0EEA5B44-4D66-40CA-8AC1-E70003C83A2F}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{F4CCE4AA-C9CB-46D2-8496-DA3177D5B498}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= UDP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"UDP Query User{4BD72DA0-AEAE-4A47-952C-DD9086EF877A}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= TCP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"TCP Query User{748E0FFE-25D9-4F63-B33A-8E2F58DCD01C}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{66B5407E-50A0-4451-BA86-AFDF02071AE5}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{65F9B9AD-011D-4F97-B076-1A143A38E952}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{CE4E7D2A-093F-42E3-A1B3-458D7FC8CC26}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{5CF5A750-F24F-4342-B229-82B79D1F81B2}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{235C4FC7-59D2-4C56-A39B-536223E23973}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{EBAFA8EB-8E07-4128-BEAA-00FE13FE500D}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{6BED4D87-8556-45DA-B195-0B51146AEC8A}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{A03E8A44-AB6D-4898-BD85-835A22B60E79}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{83439E39-A724-481E-94B8-CC00C4A913EA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisableNotifications"= 1 (0x1)

R1 mapledxp;mapledxp;c:\windows\System32\drivers\mapledxp.sys [1/2/2009 3:59 PM 24720]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [8/1/2007 9:51 PM 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [8/1/2007 9:51 PM 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [8/1/2007 9:51 PM 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [8/1/2007 9:51 PM 812544]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8/1/2007 9:34 PM 28464]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [3/7/2008 9:22 PM 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [3/7/2008 9:22 PM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [3/7/2008 9:22 PM 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [8/1/2007 9:59 PM 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [8/1/2007 10:00 PM 79736]

--- Other Services/Drivers In Memory ---

*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SRTSPX
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-10 c:\windows\Tasks\User_Feed_Synchronization-{F2BE1CE1-470E-4484-A433-A0DDA4C83508}.job
- c:\windows\system32\msfeedssync.exe [2008-09-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vtyebn7m.default\
FF - prefs.js: browser.startup.homepage - hxxp://maddox.xmission.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 21:41
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3136595455-374927726-2643928706-1002\Software\SecuROM\License information*]
"datasecu"=hex:63,07,f0,d5,f4,f6,eb,2b,ad,f3,cb,e7,fc,c3,f9,b2,e5,18,80,7c,65,
ba,cb,8f,27,8c,19,5b,a4,2d,21,46,d5,87,53,1b,2e,86,6d,45,8f,79,73,73,77,15,\
"rkeysecu"=hex:35,69,63,20,9a,0d,42,63,70,ee,b8,fa,fe,86,65,d6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3804)
c:\program files\Dropbox\DropboxExt.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2009-05-10 21:44
ComboFix-quarantined-files.txt 2009-05-10 01:44
ComboFix2.txt 2009-05-10 01:04
ComboFix3.txt 2009-05-09 16:10

Pre-Run: 4,704,251,904 bytes free
Post-Run: 4,660,543,488 bytes free

346 --- E O F --- 2009-05-05 00:40
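Added example, not part of the thread and not ComboFix's own code: a small Python parser for the FirewallRules block of the ComboFix log above. ComboFix prints each Windows Firewall rule as `"<value name>"= [Disabled:][TCP:|UDP:]<path>:<description>`; the eight sample lines embedded below are copied from that block. The script lists which executables have an enabled allow rule and for which protocols, which rules are the "Query User" entries Windows Firewall creates when the user answers its unblock popup, and which executables have rules that are all disabled. Function, class and variable names are mine. One caveat a reader of such logs should notice: for every Query User entry in this log the TCP/UDP prefix of the value name and the protocol in the value data disagree, so the parser records the protocol from the data field and keeps the raw name alongside it rather than trusting either alone.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Sample input: eight lines copied verbatim from the FirewallRules block of the
# ComboFix log above (they are the page's own data, not constructed by me).
SAMPLE_RULES = r'''
"{D0A3F532-AD36-4BE6-ADDA-EB0A8327438D}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{985CE9C9-EB77-449F-A6ED-F103D35C1B39}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{AA50AFF4-FB6F-4789-B23D-7D532BA44D81}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{CFDE309B-6830-4A72-A5F3-D5BB8FED22E9}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"TCP Query User{B0A486CD-FC9B-4F87-818A-5D9EB595FA22}c:\\program files\\deusty\\mojo\\mojo.exe"= UDP:c:\program files\deusty\mojo\mojo.exe:Mojo
"UDP Query User{E5EBB115-18D3-402D-BB73-DF39727D2420}c:\\program files\\deusty\\mojo\\mojo.exe"= TCP:c:\program files\deusty\mojo\mojo.exe:Mojo
"{23D79993-DF54-4250-8384-86994D0307F9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{829295B9-343B-4DEA-B282-1BDF67A8C638}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
'''

# ComboFix prints one registry value per line: "<value name>"= <value data>
LINE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>\S.*?)\s*$')


@dataclass(frozen=True)
class FirewallRule:
    name: str          # registry value name ({GUID} or "TCP Query User{GUID}<path>")
    enabled: bool      # False when the data starts with "Disabled:"
    protocol: str      # "TCP", "UDP", or "ANY" when the data names no protocol
    path: str          # executable path, lower-cased so variants group together
    description: str   # display name of the rule
    via_prompt: bool   # True for "Query User" rules (created from the firewall popup)


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one FirewallRules line; return None for blank or unrecognised lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    name, data = m.group("name"), m.group("data")
    fields = data.split(":")
    enabled = True
    if fields and fields[0] == "Disabled":
        enabled = False
        fields.pop(0)
    protocol = "ANY"
    if fields and fields[0] in ("TCP", "UDP"):
        protocol = fields.pop(0)
    # What remains is <drive>:<rest of path>:<description>. The path carries the
    # drive-letter colon, so rejoin the first two pieces; a description may
    # itself contain colons, so rejoin everything after them.
    if len(fields) < 3:
        return None
    path = f"{fields[0]}:{fields[1]}".lower()
    description = ":".join(fields[2:])
    # Protocol is taken from the value data, not from the "TCP/UDP Query User"
    # prefix of the name: in the log above the two disagree for every such entry.
    return FirewallRule(name, enabled, protocol, path, description,
                        via_prompt="Query User" in name)


def parse_rules(text: str) -> list[FirewallRule]:
    return [r for r in (parse_rule(l) for l in text.splitlines()) if r is not None]


def allowed_inbound(rules: list[FirewallRule]) -> dict[str, set[str]]:
    """Executable -> protocols for which at least one *enabled* rule exists."""
    out: dict[str, set[str]] = {}
    for r in rules:
        if r.enabled:
            out.setdefault(r.path, set()).add(r.protocol)
    return out


def prompt_created(rules: list[FirewallRule]) -> set[str]:
    """Executables whose enabled rule came from answering the firewall popup."""
    return {r.path for r in rules if r.via_prompt and r.enabled}


def disabled_only(rules: list[FirewallRule]) -> set[str]:
    """Executables that have rules in the policy, none of them enabled."""
    return {r.path for r in rules} - set(allowed_inbound(rules))


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for exe, protocols in sorted(allowed_inbound(rules).items()):
        print(f"{exe}: {', '.join(sorted(protocols))}")
    print("from Query User prompts:", sorted(prompt_created(rules)))
    print("present but all disabled:", sorted(disabled_only(rules)))
```

Run it as-is against the embedded sample, or replace `SAMPLE_RULES` with the whole FirewallRules block pasted from a ComboFix log; the grouped output is a quicker way to see which programs accept inbound connections than reading the raw value list, and the prompt-created set is where user-approved one-off exceptions (games, P2P clients) accumulate.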

#10 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
In this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.

The scans will likely take 4 hours, quite possibly much longer, so just let them run.



====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 2====
We will update and re-run your Malwarebytes:

Double-click the Malwarebytes icon on your desktop to open the program.
  • On the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
  • Once complete (a new version of Malwarebytes may download), select the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
====STEP 4====
Please do an online scan with Kaspersky WebScanner (this will identify any issues; we will clear them in the following post).

Kaspersky Online Scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")
In your next reply could I see:
1. the malwarebytes log
2. the superantispyware log
3. the kaspersky log
4. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#11 Sighte (Topic Starter, Member, 11 posts)
MBAM:
Malwarebytes' Anti-Malware 1.36
Database version: 2104
Windows 6.0.6001 Service Pack 1

5/10/2009 3:55:27 PM
mbam-log-2009-05-10 (15-55-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 209293
Time elapsed: 3 hour(s), 39 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edit: I'll let you know when I've finished all scans.

Edited by Sighte, 10 May 2009 - 01:56 PM.


#12 Sighte (Topic Starter, Member, 11 posts)
Superantispyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/11/2009 at 10:28 AM

Application Version : 4.26.1002

Core Rules Database Version : 3885
Trace Rules Database Version: 1833

Scan type : Complete Scan
Total Scan Time : 18:26:36

Memory items scanned : 862
Memory threats detected : 0
Registry items scanned : 8779
Registry threats detected : 0
File items scanned : 1065745
File threats detected : 0

Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 11, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, May 11, 2009 17:08:56
Records in database: 2162183
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan statistics:
Files scanned: 142420
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:40:38

No malware has been detected. The scan area is clean.

The selected area was scanned.


During the scans Norton continued to pop up with auto-protect results on "Trojan Horse". On the last scan, Kaspersky, I had 4 counts of it pop up when the scan was around 98% complete.

#13 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
There is a reasonable chance that the infections are now in the system restore points, which we clear at the end.

But, before we flush them:

Run ComboFix again by double-clicking the icon on your desktop and post the log here.

Also, run OTListIt again, go for the shortened log and post the log back here.

andrewuk

#14 Sighte (Topic Starter, Member, 11 posts)
ComboFix 09-05-11.01 - Kevin 05/11/2009 17:19.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1013 [GMT -4:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-10 19:59 . 2009-05-10 19:59 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-10 19:59 . 2009-05-10 19:59 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-05-10 19:58 . 2009-05-10 19:58 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-10 19:58 . 2009-05-10 19:58 -------- d-----w c:\users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2009-05-10 01:59 . 2009-05-10 02:00 -------- d-----w c:\users\Kevin\AppData\Local\Adobe
2009-05-08 03:38 . 2009-05-08 03:38 -------- d-----w c:\users\Kevin\AppData\Local\Blizzard Entertainment
2009-05-07 02:00 . 2009-05-07 02:00 -------- d-----w c:\users\Kevin\AppData\Roaming\Sonic Solutions
2009-05-06 19:38 . 2009-05-06 19:38 -------- d-----w C:\_OTListIt
2009-05-06 19:31 . 2009-05-09 03:18 -------- d-----w C:\Rooter$
2009-05-06 18:30 . 2009-05-06 18:30 -------- d-----w c:\users\Kevin\AppData\Roaming\Malwarebytes
2009-05-06 18:30 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 18:29 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 18:29 . 2009-05-06 18:29 -------- d-----w c:\programdata\Malwarebytes
2009-05-06 18:29 . 2009-05-06 18:29 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-06 18:29 . 2009-05-06 18:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-06 18:28 . 2009-05-06 18:28 -------- d-----w c:\program files\ERUNT
2009-05-06 18:22 . 2009-05-06 18:24 -------- d-----w c:\users\Kevin\.idlerc
2009-05-06 01:07 . 2009-05-06 18:24 -------- d-----w C:\Python
2009-05-05 20:03 . 2009-05-05 23:19 -------- d-----w c:\users\Kevin\AppData\Local\Panda Software
2009-05-05 19:55 . 2009-05-05 19:55 -------- d-----w c:\programdata\sentinel
2009-05-05 19:55 . 2009-05-05 19:55 -------- d-----w c:\users\All Users\sentinel
2009-05-05 19:47 . 2009-05-05 19:47 -------- d-----w c:\programdata\Backup
2009-05-05 19:47 . 2009-05-05 19:47 -------- d-----w c:\users\All Users\Backup
2009-05-05 19:41 . 2009-05-05 23:33 -------- d-----w c:\program files\Common Files\Panda Software
2009-05-05 18:50 . 2009-05-05 18:50 -------- d-----w c:\program files\QT Lite
2009-05-05 17:53 . 2009-05-05 17:53 -------- d-----w c:\program files\WinDirStat
2009-05-05 17:40 . 2009-05-05 17:40 -------- d-----w c:\program files\CCleaner
2009-05-05 17:39 . 2009-05-05 17:39 -------- d-----w c:\users\Kevin\AppData\Roaming\Participatory Culture Foundation
2009-05-05 17:38 . 2009-05-05 17:49 -------- d-----w c:\program files\Trillian
2009-05-05 17:38 . 2009-05-05 17:43 -------- d-----w c:\program files\Participatory Culture Foundation
2009-05-05 03:43 . 2009-05-05 03:44 16742799 ----a-w c:\programdata\vlc-0.9.9-win32.exe
2009-05-05 03:43 . 2009-05-05 03:44 16742799 ----a-w c:\users\All Users\vlc-0.9.9-win32.exe
2009-05-04 02:12 . 2009-05-04 02:12 -------- d-----w c:\program files\Trend Micro
2009-05-04 01:14 . 2009-05-04 02:19 465952 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-04 01:00 . 2009-05-04 02:08 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-04 01:00 . 2009-05-04 02:08 -------- d-----w c:\programdata\ParetoLogic
2009-05-04 01:00 . 2009-05-04 02:08 -------- d-----w c:\users\All Users\ParetoLogic
2009-05-04 00:55 . 2009-05-05 23:33 -------- d-----w c:\program files\Panda Security
2009-05-01 22:12 . 2009-05-01 22:20 -------- d-----w c:\program files\Common Files\Axara
2009-05-01 22:12 . 2003-05-22 02:50 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-05-01 19:51 . 2004-09-10 17:50 34820 ----a-w c:\windows\system32\ffdshow.reg
2009-05-01 19:51 . 2007-01-01 09:30 200704 ----a-w c:\windows\system32\TomsMoComp_ff.dll
2009-05-01 19:51 . 2007-03-25 04:51 404480 ----a-w c:\windows\system32\libmplayer.dll
2009-05-01 19:51 . 2007-03-25 04:51 114688 ----a-w c:\windows\system32\libmpeg2_ff.dll
2009-05-01 19:51 . 2007-03-25 04:51 3049984 ----a-w c:\windows\system32\libavcodec.dll
2009-04-29 20:10 . 2009-05-10 15:13 62989 ----a-w c:\programdata\nvModes.dat
2009-04-29 20:10 . 2009-05-10 15:13 62989 ----a-w c:\users\All Users\nvModes.dat
2009-04-29 20:10 . 2009-04-29 20:12 -------- d-----w c:\programdata\NVIDIA
2009-04-29 20:10 . 2009-04-29 20:12 -------- d-----w c:\users\All Users\NVIDIA
2009-04-29 18:17 . 2009-01-29 20:12 203296 ----a-w c:\windows\system32\nvvsvc.exe
2009-04-29 18:17 . 2009-01-29 20:12 453152 ----a-w c:\windows\system32\nvudisp.exe
2009-04-29 18:17 . 2009-01-29 20:12 795104 ----a-w c:\windows\system32\dpinst.exe
2009-04-29 16:24 . 2009-04-29 16:24 -------- d-----w C:\NVIDIA
2009-04-29 13:42 . 2008-07-03 11:11 8704 ----a-w c:\windows\system32\drivers\XAudio.sys
2009-04-29 13:42 . 2008-07-03 11:11 229376 ----a-w c:\windows\system32\UCI32M27.dll
2009-04-29 13:42 . 2008-07-03 11:11 985600 ----a-w c:\windows\system32\drivers\HSX_DPV.sys
2009-04-29 13:42 . 2008-07-03 11:11 661504 ----a-w c:\windows\system32\drivers\HSX_CNXT.sys
2009-04-29 13:42 . 2008-07-03 11:11 209408 ----a-w c:\windows\system32\drivers\HSXHWAZL.sys
2009-04-29 05:35 . 2009-04-29 05:35 -------- d-----w c:\users\Kevin\AppData\Local\Innovative Solutions
2009-04-29 05:28 . 2004-06-14 18:56 427864 ----a-w c:\windows\system32\XceedZip.dll
2009-04-29 05:19 . 2009-04-29 05:19 -------- d-----w c:\program files\PC Drivers HeadQuarters
2009-04-29 05:03 . 2009-04-29 05:03 -------- d-----w c:\programdata\PC Drivers HeadQuarters
2009-04-29 05:03 . 2009-04-29 05:03 -------- d-----w c:\users\All Users\PC Drivers HeadQuarters
2009-04-29 04:43 . 2009-04-29 04:43 -------- d-----w c:\programdata\Raxco
2009-04-29 04:43 . 2009-04-29 04:43 -------- d-----w c:\users\All Users\Raxco
2009-04-29 04:41 . 2009-04-29 04:43 -------- d-----w c:\program files\Raxco
2009-04-29 01:18 . 2009-04-29 04:46 -------- d-----w c:\users\Kevin\AppData\Roaming\IObit
2009-04-29 01:18 . 2009-04-29 01:18 -------- d-----w c:\program files\IObit
2009-04-27 03:39 . 2009-04-27 03:46 -------- d-----w c:\program files\Image-Line
2009-04-25 01:34 . 2009-04-25 01:39 -------- d-----w c:\program files\VirtualDJ
2009-04-24 19:52 . 2009-04-24 19:52 -------- d-----w c:\users\Kevin\AppData\Local\Songbird2
2009-04-24 19:52 . 2009-04-24 19:52 -------- d-----w c:\users\Kevin\AppData\Roaming\Songbird2
2009-04-24 19:51 . 2009-04-25 19:10 -------- d-----w c:\program files\Songbird
2009-04-24 18:41 . 2009-04-27 03:39 -------- d-----w c:\program files\VstPlugins
2009-04-24 18:35 . 2009-04-24 18:35 -------- d-----w c:\program files\Outsim
2009-04-16 22:12 . 2008-08-18 02:09 117760 ----a-w c:\windows\system32\hpzll64X.dll
2009-04-16 17:30 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-15 02:42 . 2009-04-15 02:42 2134016 ----a-w c:\windows\system32\python26.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 21:15 . 2008-03-08 01:28 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-11 21:15 . 2008-08-14 19:03 -------- d-----w c:\program files\Symantec
2009-05-11 21:14 . 2008-08-14 19:03 -------- d-----w c:\program files\Symantec AntiVirus
2009-05-10 19:57 . 2009-03-16 01:42 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-10 01:52 . 2007-08-02 01:03 1660 ----a-w c:\windows\bthservsdp.dat
2009-05-08 16:04 . 2008-08-19 05:56 -------- d-----w c:\program files\Diablo II
2009-05-05 23:33 . 2007-08-02 01:32 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-05 20:12 . 2008-08-21 19:29 137694 ----a-w c:\windows\HPHins15.dat
2009-05-05 19:49 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infpub.dat
2009-05-05 19:49 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-05 19:49 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-05 18:05 . 2008-09-10 02:03 -------- d-----w c:\program files\QuickTime
2009-05-05 18:04 . 2008-08-14 19:35 -------- d-----w c:\program files\Common Files\Apple
2009-05-05 17:43 . 2008-03-08 01:00 -------- d-----w c:\program files\Common Files\AOL
2009-05-04 15:57 . 2008-08-15 19:59 -------- d-----w c:\program files\Uniblue
2009-05-04 02:19 . 2009-05-04 01:14 7316 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-04 00:54 . 2008-03-08 01:18 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-05-04 00:48 . 2007-08-02 01:46 -------- d-----w c:\program files\Sony
2009-04-29 13:44 . 2008-03-08 01:00 -------- d-----w c:\program files\CONEXANT
2009-04-28 19:50 . 2008-08-19 06:02 66387 ----a-w c:\users\Kevin\AppData\Roaming\nvModes.dat
2009-04-25 01:48 . 2008-08-14 15:49 78224 ----a-w c:\users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-24 18:46 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-01 18:34 . 2009-04-01 18:34 231176 ----a-w c:\windows\system32\PDBoot.exe
2009-04-01 00:30 . 2008-12-31 02:15 -------- d-----w c:\program files\PeerGuardian2
2009-03-27 12:14 . 2007-08-02 01:36 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-25 16:34 . 2007-08-02 01:51 -------- d-----w c:\program files\Java
2009-03-25 16:11 . 2009-03-25 16:10 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-24 18:50 . 2009-03-24 18:50 -------- d-----w c:\program files\Ableton
2009-03-23 01:40 . 2007-08-02 01:49 -------- d-----w c:\program files\Common Files\Adobe
2009-03-17 03:38 . 2009-04-16 17:30 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 17:30 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-16 01:46 . 2009-03-16 01:46 -------- d-----w c:\program files\Ventrilo
2009-03-09 09:19 . 2009-01-02 22:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-16 17:31 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 17:31 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 17:30 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 17:31 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 17:31 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 17:31 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 17:30 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 17:31 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 17:31 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 17:31 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 17:31 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 17:31 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 17:30 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-13 08:49 . 2009-04-16 17:30 72704 ----a-w c:\windows\system32\secur32.dll
2008-09-23 23:40 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2007-08-02 01:57 . 2007-08-02 01:54 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-09_16.07.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-05-10 01:57 89672 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-08 00:59 . 2009-05-11 17:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-03-08 00:59 . 2009-05-09 15:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-08 00:59 . 2009-05-11 17:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-08 00:59 . 2009-05-09 15:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-08 00:59 . 2009-05-11 17:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-08 00:59 . 2009-05-09 15:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-08-26 02:44 . 2006-08-26 02:44 89600 c:\windows\System32\atl71.dll
+ 2009-05-10 19:58 . 2009-05-10 19:58 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2009-05-10 19:58 . 2009-05-10 19:58 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-10-08 04:45 . 2009-05-10 01:52 3978 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-10-08 04:45 . 2009-05-05 20:13 3978 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-08-14 15:47 . 2009-05-10 01:57 7708 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3136595455-374927726-2643928706-1002_UserData.bin
- 2008-08-14 15:47 . 2009-05-06 19:24 7708 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3136595455-374927726-2643928706-1002_UserData.bin
- 2009-05-06 19:21 . 2009-05-06 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-10 01:53 . 2009-05-10 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-10 01:53 . 2009-05-10 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-06 19:21 . 2009-05-06 19:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-23 23:35 . 2009-05-10 15:13 431372 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-05-06 19:30 604012 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-10 02:01 604012 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-06 19:30 105040 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-10 02:01 105040 c:\windows\System32\perfc009.dat
+ 2006-07-11 22:35 . 2006-07-11 22:35 348160 c:\windows\System32\msvcr71.dll
- 2003-02-21 11:42 . 2003-02-21 11:42 348160 c:\windows\System32\msvcr71.dll
+ 2006-07-11 22:35 . 2006-07-11 22:35 503808 c:\windows\System32\msvcp71.dll
+ 2008-03-08 01:29 . 2007-08-12 00:05 511328 c:\windows\System32\capicom.dll
- 2006-07-12 03:02 . 2006-07-12 03:02 1053184 c:\windows\System32\MFC71u.dll
+ 2006-08-26 03:47 . 2006-08-26 03:47 1053184 c:\windows\System32\mfc71u.dll
+ 2006-08-26 03:23 . 2006-08-26 03:23 1060864 c:\windows\System32\mfc71.dll
- 2006-07-12 02:43 . 2006-07-12 02:43 1060864 c:\windows\System32\MFC71.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 07:20 143360 ----a-w c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 45056]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-29 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-29 92704]

c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\program files\Dropbox\Dropbox.exe [2008-9-26 24096981]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-6-22 739880]
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w c:\windows\System32\VESWinlogon.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"midi8"= mapledxp.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D0A3F532-AD36-4BE6-ADDA-EB0A8327438D}"= UDP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{985CE9C9-EB77-449F-A6ED-F103D35C1B39}"= TCP:c:\program files\Sony\LocationFreePlayer\LFPC3\LFPC3.exe:LocationFree Player
"{8CEDA0E0-B9D1-4418-86C0-43C2D35CD6EB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E89F75D5-D2B9-40A5-9395-0428EA23BE49}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AA50AFF4-FB6F-4789-B23D-7D532BA44D81}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{CFDE309B-6830-4A72-A5F3-D5BB8FED22E9}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{829295B9-343B-4DEA-B282-1BDF67A8C638}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9EA13495-652F-42D8-86FD-67A07A53036A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B0A486CD-FC9B-4F87-818A-5D9EB595FA22}c:\\program files\\deusty\\mojo\\mojo.exe"= UDP:c:\program files\deusty\mojo\mojo.exe:Mojo
"UDP Query User{E5EBB115-18D3-402D-BB73-DF39727D2420}c:\\program files\\deusty\\mojo\\mojo.exe"= TCP:c:\program files\deusty\mojo\mojo.exe:Mojo
"TCP Query User{CD9E9C9A-CCCE-46DF-ACE9-52B47885C446}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{A567F42E-B199-4754-B0D2-CD79B1114367}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java™ Platform SE binary
"{0E77CA67-6B7C-4A9C-B612-821A86927C84}"= UDP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{F609FF6A-6498-4388-BB63-A90C09B2FEDF}"= TCP:c:\program files\Diablo II\Diablo II.exe:Diablo II - Lord of Destruction
"{E287BCCB-1FC8-4071-9A79-F70D9C03EDBD}"= UDP:c:\program files\Uniblue\PowerSuite\PowerSuite.exe:PowerSuite
"{6B0E3AB4-1316-4E1D-A29C-9BE4204E62ED}"= TCP:c:\program files\Uniblue\PowerSuite\PowerSuite.exe:PowerSuite
"{9B2DBAE2-618D-4EAC-B085-44FB1AA00074}"= UDP:c:\program files\Uniblue\SpyEraser\SpyEraser.exe:SpyEraser
"{24D5E23D-B3E8-44AB-991B-4C7155E7E307}"= TCP:c:\program files\Uniblue\SpyEraser\SpyEraser.exe:SpyEraser
"{4CC10D34-68C7-4133-858B-9A96549AA613}"= UDP:c:\program files\i2p\i2p.exe:Start I2P (no window)
"{6BC3589E-6DDA-43EA-AE93-D7921542973E}"= TCP:c:\program files\i2p\i2p.exe:Start I2P (no window)
"{4BB3A6FE-2DA4-46EF-906D-7F5763F156B1}"= UDP:c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe:SpeedUpMyPC 3
"{59F87675-8093-44A9-93C0-939C6996BD9E}"= TCP:c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe:SpeedUpMyPC 3
"{6616F0B3-DAED-465B-842F-EF9925AE6CFC}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{2F2A5982-CF86-4696-9EEB-3BF654523A12}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{17961E8F-A42C-4A9B-BD69-1F3BCBA86C00}"= UDP:c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe:RegistryBooster 2
"{0CEF7815-2DBC-4695-9923-2879D4A986FB}"= TCP:c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe:RegistryBooster 2
"TCP Query User{BC76FAAD-0C2F-428A-AE6D-0E71E34CBF51}c:\\program files\\vuze\\azureus.exe"= Disabled:UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D48F074E-9EF9-48D4-A1B4-52C20BFBD7CD}c:\\program files\\vuze\\azureus.exe"= Disabled:TCP:c:\program files\vuze\azureus.exe:Azureus
"{601EF037-9DD8-41F0-88A7-96A7B5DD29DB}"= UDP:c:\program files\DC++\DCPlusPlus.exe:DC++
"{D5C7A546-22E9-4D3C-B938-6DAA0555EA58}"= TCP:c:\program files\DC++\DCPlusPlus.exe:DC++
"TCP Query User{C324ED01-3ADA-4DDA-8FE6-316CC641FB04}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6F1BF4D7-770F-4C9C-8E27-737CB794EAF8}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{23D79993-DF54-4250-8384-86994D0307F9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C5F57D9-38D2-4921-9151-0EE4067A2F17}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{41DEC0BF-CB26-45FB-96B4-D925A29DF796}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{594B051A-D1A3-489D-82D1-06DF6CE2C814}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{2AEC96D9-AD7A-49B0-80C7-422B0DBA29B3}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{3BE3AFF0-1175-4111-B995-45C81092803F}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{13ADAE87-3CC2-45A6-BAE1-BA9E8A3A63BD}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{BDB5AF0B-D499-4486-B7F9-FDFFC70FF072}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{5E61B5EA-5BD9-4443-A21A-96AF93D96613}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{610BF845-1EA1-4D60-B0BA-C52CB3BF2832}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{9781D41B-0D67-4E2B-9AC4-1554F0FEFDD5}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{96A7950A-4043-42EA-94B2-6DBAD4427685}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{0EEA5B44-4D66-40CA-8AC1-E70003C83A2F}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{F4CCE4AA-C9CB-46D2-8496-DA3177D5B498}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= UDP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"UDP Query User{4BD72DA0-AEAE-4A47-952C-DD9086EF877A}c:\\program files\\orb networks\\orb\\bin\\orb.exe"= TCP:c:\program files\orb networks\orb\bin\orb.exe:Orb Application
"TCP Query User{748E0FFE-25D9-4F63-B33A-8E2F58DCD01C}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{66B5407E-50A0-4451-BA86-AFDF02071AE5}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{65F9B9AD-011D-4F97-B076-1A143A38E952}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{CE4E7D2A-093F-42E3-A1B3-458D7FC8CC26}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{5CF5A750-F24F-4342-B229-82B79D1F81B2}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{235C4FC7-59D2-4C56-A39B-536223E23973}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{EBAFA8EB-8E07-4128-BEAA-00FE13FE500D}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{6BED4D87-8556-45DA-B195-0B51146AEC8A}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{A03E8A44-AB6D-4898-BD85-835A22B60E79}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{83439E39-A724-481E-94B8-CC00C4A913EA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisableNotifications"= 1 (0x1)

R1 mapledxp;mapledxp;c:\windows\System32\drivers\mapledxp.sys [1/2/2009 3:59 PM 24720]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [8/1/2007 9:34 PM 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [8/1/2007 9:51 PM 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [8/1/2007 9:51 PM 43904]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [8/1/2007 9:51 PM 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [8/1/2007 9:51 PM 812544]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [3/7/2008 9:22 PM 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [3/7/2008 9:22 PM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [3/7/2008 9:22 PM 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [8/1/2007 9:59 PM 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [8/1/2007 10:00 PM 79736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EECTRL
*NewlyCreated* - ERASERUTILDRV10741
*NewlyCreated* - ERASERUTILDRV10910
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - NAVENG
*NewlyCreated* - NAVEX15
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL
*NewlyCreated* - SPBBCDRV
*NewlyCreated* - SRTSPX
*Deregistered* - EraserUtilDrv10741
*Deregistered* - EraserUtilDrv10910
*Deregistered* - MBAMSwissArmy
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SPBBCDrv
*Deregistered* - SRTSPX
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\User_Feed_Synchronization-{F2BE1CE1-470E-4484-A433-A0DDA4C83508}.job
- c:\windows\system32\msfeedssync.exe [2008-09-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\vtyebn7m.default\
FF - prefs.js: browser.startup.homepage - hxxp://maddox.xmission.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 17:24
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3136595455-374927726-2643928706-1002\Software\SecuROM\License information*]
"datasecu"=hex:63,07,f0,d5,f4,f6,eb,2b,ad,f3,cb,e7,fc,c3,f9,b2,e5,18,80,7c,65,
ba,cb,8f,27,8c,19,5b,a4,2d,21,46,d5,87,53,1b,2e,86,6d,45,8f,79,73,73,77,15,\
"rkeysecu"=hex:35,69,63,20,9a,0d,42,63,70,ee,b8,fa,fe,86,65,d6

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2400)
c:\program files\Dropbox\DropboxExt.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2009-05-11 17:27
ComboFix-quarantined-files.txt 2009-05-11 21:27
ComboFix2.txt 2009-05-10 01:44
ComboFix3.txt 2009-05-10 01:04
ComboFix4.txt 2009-05-09 16:10

Pre-Run: 3,017,175,040 bytes free
Post-Run: 5,059,936,256 bytes free

397 --- E O F --- 2009-05-05 00:40

#15
Sighte
  • Topic Starter
OTListIt logfile created on: 5/11/2009 5:36:37 PM - Run 5
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.74% Memory free
4.00 Gb Paging File | 3.05 Gb Available in Paging File | 76.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.65 Gb Total Space | 4.13 Gb Free Space | 2.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPPY290
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Stopped])
SRV - [2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 08:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/06/04 22:14:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/06/04 22:14:50 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 21:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/08/11 20:05:27 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2006/12/14 05:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/01/29 16:12:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2006/10/26 23:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 18:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 04:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2009/04/01 14:34:24 | 00,922,888 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent [Auto | Running])
SRV - [2009/04/01 14:34:26 | 01,025,288 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine [On_Demand | Stopped])
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2006/12/14 05:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2007/06/12 08:55:28 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\system32\stacsv.exe -- (STacSV [Auto | Running])
SRV - [2007/06/28 11:53:04 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2007/07/24 22:26:38 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
SRV - [2007/06/20 19:35:06 | 02,523,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
SRV - [2007/06/20 19:34:52 | 00,499,712 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2007/01/10 20:51:06 | 00,745,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP [On_Demand | Stopped])
SRV - [2007/06/20 19:34:50 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP [On_Demand | Stopped])
SRV - [2007/07/13 13:55:56 | 00,292,152 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr [On_Demand | Stopped])
SRV - [2007/07/05 20:43:04 | 00,079,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper [On_Demand | Stopped])
SRV - [2007/06/28 11:52:48 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
SRV - [2007/06/28 11:53:00 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
SRV - [2007/06/28 11:53:02 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
SRV - [2008/01/19 03:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/07/03 07:11:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])
SRV - [2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/04/03 12:33:06 | 00,031,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/04/03 12:33:24 | 00,121,744 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - [2008/04/03 12:33:18 | 01,956,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://maddox.xmission.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/03 16:53:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/05 14:50:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/05 14:50:42 | 00,000,000 | ---D | M]

[2009/04/24 15:52:48 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2008/08/14 12:00:52 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/24 15:52:48 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/11 11:01:19 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\vtyebn7m.default\extensions
[2009/02/17 22:30:41 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\vtyebn7m.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/04/24 15:11:04 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\vtyebn7m.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/05/05 14:10:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 00:16:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/29 14:00:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/08/14 15:09:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/02 18:17:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/25 12:35:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 00:16:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 00:16:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/07 17:38:31 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/07 17:38:31 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/21 12:12:56 | 00,002,216 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\askcom.xml
[2009/03/07 17:38:31 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/07 17:38:31 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/07 17:38:31 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/07 17:38:31 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/07 17:38:31 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305853 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 10531 more lines...
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1 (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" (Sony Electronics, Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe ()
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe (Cisco Systems, Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [Bluetooth Namespace] - C:\Windows\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\Windows\system32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== LOP Check ==========

[2009/05/10 15:58:32 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming
[2009/03/24 15:08:20 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Ableton
[2008/08/27 20:51:49 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\AccurateRip
[2008/10/04 14:21:52 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Adobe
[2009/03/10 22:50:34 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Apple Computer
[2009/05/05 20:01:33 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Audacity
[2008/08/17 11:54:28 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Azureus
[2008/09/01 07:17:29 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\CiscoCAA
[2008/10/04 14:21:55 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/04/13 17:11:58 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Corel
[2008/08/18 22:09:26 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DAEMON Tools
[2008/09/11 21:34:38 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\dBpoweramp
[2008/08/21 22:36:03 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Deusty
[2008/08/17 13:31:28 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\DivX
[2009/05/09 21:56:13 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Dropbox
[2008/11/10 00:48:57 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Folding@home-x86
[2008/09/04 12:27:19 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Google
[2008/08/26 15:26:39 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\HP
[2008/08/21 15:39:22 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\HPAppData
[2008/08/14 11:49:36 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Identities
[2009/03/23 12:16:16 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\ImgBurn
[2008/08/15 09:38:16 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\InterVideo
[2009/04/29 00:46:44 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\IObit
[2008/08/14 11:50:08 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Macromedia
[2009/05/06 14:30:10 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs
[2008/11/18 21:13:55 | 00,000,000 | --SD | M] -- C:\Users\Kevin\AppData\Roaming\Microsoft
[2008/08/14 12:00:52 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2008/08/29 18:05:06 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Nero
[2008/09/23 17:32:42 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\NetMedia Providers
[2009/05/05 13:39:36 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Participatory Culture Foundation
[2008/12/31 02:03:14 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Propellerhead Software
[2008/09/23 17:32:42 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Publish Providers
[2008/08/19 00:08:47 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Roxio
[2008/09/07 19:20:12 | 00,000,000 | R--D | M] -- C:\Users\Kevin\AppData\Roaming\SecuROM
[2009/04/04 17:05:33 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Skype
[2009/04/04 16:07:55 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\skypePM
[2009/04/24 15:52:31 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Songbird2
[2009/05/06 22:00:19 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sonic Solutions
[2008/12/01 20:33:40 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sony
[2008/08/14 15:00:45 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Sony Corporation
[2009/05/10 15:58:33 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
[2008/11/18 18:56:28 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Template
[2009/05/04 11:58:12 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\Uniblue
[2009/05/08 23:15:08 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\uTorrent
[2008/12/30 19:58:29 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\VistaAudio
[2008/12/30 20:28:38 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\vlc
[2008/08/15 15:58:38 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\WinRAR
[2009/05/10 18:00:00 | 00,000,442 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2009/05/09 21:53:58 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/05/09 21:52:22 | 00,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/05/02 15:59:00 | 00,000,270 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/08/15 15:59:27 | 00,000,392 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC.job
[2008/08/17 22:47:56 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpyEraser.job
[2009/05/11 17:35:17 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F2BE1CE1-470E-4484-A433-A0DDA4C83508}.job

========== Purity Check ==========

< End of report >
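The OTL report above is long, and the sections a responder actually reads first are the hosts file (O1), the autoruns (O4), and the "File not found" entries (O3, O34). The following is an added example, not part of the original post and not OTL's own code, that parses lines in OTL's format and applies those three checks: flag hosts entries that send a name anywhere other than loopback (a hosts file with ten thousand 127.0.0.1 lines, as here, is what an ad/malware blocklist looks like, so size alone is not the signal), list O4 entries with an empty publisher field, and list entries whose target binary is missing. The sample log is constructed to match the report's format; the 10.0.0.5 hosts line is invented to exercise the hosts check and does not come from the posted log.

```python
"""Triage helper for OTL-style log lines.

Added example, not part of the original post or of the OTL tool. It shows the
checks a responder runs over the O1/O3/O4/O34 sections of a report like the
one above, using constructed sample lines in the same format.
"""
import re

# Addresses a hosts-based blocklist legitimately points names at.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in OTL's format. The 10.0.0.5 entry is invented to
# exercise the hosts check; it is not from the posted log.
SAMPLE_LOG = r"""
O1 HOSTS File: (305853 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 10.0.0.5 www.example-bank.test
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
"""

# "O1 - Hosts: <ip> <name>" exactly; the "10531 more lines..." summary
# line has three tokens and is deliberately not matched.
HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
# OTL appends the binary's embedded company name in parentheses, or "()".
PUBLISHER_RE = re.compile(r"\((?P<pub>[^()]*)\)\s*$")


def hosts_entries(log):
    """Return (ip, hostname) pairs from the O1 hosts lines."""
    out = []
    for line in log.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def hijacked_hosts(log):
    """Hosts entries that resolve a name to something other than loopback/null.

    Thousands of 127.0.0.1 lines (as in the posted log) are what a hosts-based
    blocklist looks like; a redirect to a routable address is the pattern that
    needs explaining.
    """
    return [(ip, host) for ip, host in hosts_entries(log) if ip not in LOOPBACK]


def unsigned_autoruns(log):
    """O4 autorun entries whose publisher field is empty, i.e. OTL found no
    embedded company name. Not proof of malice (VAIO Survey and Dropbox are
    legitimate), but these are the entries to verify by hash or signature."""
    flagged = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith("O4 - "):
            continue
        m = PUBLISHER_RE.search(line)
        if m and m.group("pub").strip() == "":
            flagged.append(line)
    return flagged


def dangling_entries(log):
    """Entries whose target OTL could not find: leftovers from a removal, or a
    persistence key whose payload has already been quarantined."""
    return [l.strip() for l in log.splitlines() if "File not found" in l]


def triage(log):
    """Run the three checks and return the hits keyed by check name."""
    return {
        "hijacked_hosts": hijacked_hosts(log),
        "unsigned_autoruns": unsigned_autoruns(log),
        "dangling_entries": dangling_entries(log),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(f"{check}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
```

Run against a saved OTL.txt by reading the file into `triage()`. On the posted report the hosts check is expected to come back empty (every listed entry is 127.0.0.1 or ::1), the unsigned check returns the VAIO Survey and Dropbox entries, and the dangling check returns the O3 toolbar GUID and the two O34 BootExecute entries, which is a useful shortlist for the next reply in the thread.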