
Skynet Google redirect [Solved]

This topic is locked

#1 Advent317 (New Member, 6 posts)
I got this virus about a month and a half ago. I ordered Windows Vista reformat discs but ultimately decided that I'd really rather not use them. McAfee finds 2 Skynet(insert random letters here).dll files in my system32 folder, but it's not able to remove them. I've tried manually deleting them in safe mode, but that doesn't work either. After recently running MBAM, I get multiple errors on startup, and whenever a new .exe is started. I've included a picture of the error I get; I get a similar one for every different program run.

[Image: screenshot of the startup error message]

Here are my logs.

Malwarebytes' Anti-Malware 1.40
Database version: 2561
Windows 6.0.6001 Service Pack 1

8/4/2009 6:34:23 PM
mbam-log-2009-08-04 (18-34-23).txt

Scan type: Quick Scan
Objects scanned: 87646
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\System32\SKYNETnevwytqc.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\System32\SKYNETnevwytqc.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Windows\System32\SKYNETnevwytqc.dll (Trojan.TDSS) -> Delete on reboot.
C:\Windows\System32\SKYNETnuwtifya.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SKYNETvrqyeqxs.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\SKYNETporptqmk.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\drivers\SKYNETvldobbnc.sys (Trojan.Agent) -> Quarantined and deleted successfully.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/04 18:57
Program Version: Version 1.3.3.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8D11B000 Size: 753664 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x981D0000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SKYNETvldobbnc.sys
Image Path: C:\Windows\system32\drivers\SKYNETvldobbnc.sys
Address: 0x8B659000 Size: 163840 File Visible: - Signed: -
Status: Hidden from the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1160 Status: Locked to the Windows API!

Hidden Services
-------------------
Service Name: SKYNETdwemtxxj
Image Path: C:\Windows\system32\drivers\SKYNETvldobbnc.sys

==EOF==


OTL logfile created on: 8/4/2009 6:59:36 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Users\mike\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.86% Memory free
4.00 Gb Paging File | 3.45 Gb Available in Paging File | 86.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.82 Gb Total Space | 224.88 Gb Free Space | 77.06% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.59 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKES-PC
Current User Name: mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/05/01 00:07:52 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/05/01 00:07:52 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2006/09/03 11:32:28 | 00,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 13:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
PRC - [2006/10/19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/02/27 16:06:27 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdpcoms.exe
PRC - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe
PRC - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2008/01/19 00:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2007/10/18 08:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 18:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2006/09/28 06:42:24 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2005/02/02 08:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [2006/09/29 13:39:20 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/09 03:57:52 | 03,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2005/02/17 00:11:42 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/04/14 18:40:53 | 00,185,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/11/10 13:23:40 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2008/03/27 08:15:23 | 00,656,040 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
PRC - [2008/03/27 08:15:26 | 00,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark Z2300 Series\ezprint.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/01/19 00:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 00:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/08/03 17:36:32 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2008/07/27 11:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/03/02 19:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009/08/04 18:58:58 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/23 00:22:39 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2006/09/11 16:56:20 | 00,188,416 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService [On_Demand | Stopped])
SRV - [2008/07/27 11:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2006/09/03 11:32:28 | 00,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService [Auto | Running])
SRV - [2008/01/19 00:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/19 00:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 18:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2006/09/29 13:38:50 | 00,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe -- (IAANTMON [Auto | Running])
SRV - [2008/06/19 18:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/05/10 10:13:52 | 00,029,696 | R--- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf [Auto | Stopped])
SRV - [2006/09/11 16:56:32 | 00,075,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM [On_Demand | Stopped])
SRV - [2006/10/19 14:52:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2008/02/27 16:06:12 | 00,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\lxdpserv.exe -- (lxdpCATSCustConnectService [Auto | Stopped])
SRV - [2008/02/27 16:06:27 | 00,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device [Auto | Running])
SRV - [2006/09/01 00:47:56 | 00,026,624 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server [On_Demand | Stopped])
SRV - [2006/09/11 17:01:04 | 00,167,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL [On_Demand | Stopped])
SRV - [2008/01/09 15:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 01:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 09:35:40 | 00,378,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/08/15 12:36:04 | 00,359,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 12:02:14 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\McShield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 10:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2007/07/18 12:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008/06/19 18:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/05/01 00:07:52 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2006/09/11 17:02:44 | 00,544,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service [On_Demand | Stopped])
SRV - [2008/05/21 16:57:50 | 00,092,792 | ---- | M] (CACE Technologies, Inc.) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2008/01/15 19:01:12 | 00,087,288 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - File not found -- -- (stllssvr [On_Demand | Stopped])
SRV - [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2007/10/18 08:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])
SRV - [2008/11/10 13:23:50 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/10 13:23:42 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/04 18:49:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/03 17:36:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/03 17:36:33 | 00,000,000 | ---D | M]

[2008/12/18 20:22:16 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\mozilla\Extensions
[2008/12/18 20:22:16 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/04 18:53:20 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\whi2eif5.default\extensions
[2009/08/04 18:53:20 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\whi2eif5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/05 01:53:00 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\whi2eif5.default\extensions\[email protected]
[2009/08/04 18:53:20 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\mozilla\Firefox\Profiles\whi2eif5.default\extensions\staged-xpis
[2009/08/04 16:41:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/03 17:36:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/11/27 17:30:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/04/02 13:50:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/03 17:36:32 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/03 17:36:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/11/06 09:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/12/10 17:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/03 17:36:32 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/04/14 18:40:58 | 00,144,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/07/10 04:21:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/10 04:21:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/10 04:21:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/10 04:21:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/10 04:21:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/10 04:21:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/10 04:21:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/14 18:41:03 | 00,024,621 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2007/04/14 18:40:56 | 00,081,967 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/12/02 01:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 01:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 01:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 01:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 01:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 01:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (734 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll (BitComet)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Z2300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/13 02:05:47 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/04 18:58:58 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
[2009/08/04 18:55:00 | 00,000,000 | ---- | C] () -- C:\Users\mike\Desktop\settings.dat
[2009/08/04 18:54:38 | 00,470,528 | ---- | C] ( ) -- C:\Users\mike\Desktop\RootRepeal.exe
[2009/08/04 18:46:55 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/04 18:25:23 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/04 18:25:20 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/04 18:25:19 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/04 18:25:19 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/24 10:42:14 | 00,000,000 | ---D | C] -- C:\Users\mike\Desktop\D2NT

========== Files - Modified Within 14 Days ==========

[1 C:\Windows\*.tmp files]
[2009/08/04 18:58:58 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
[2009/08/04 18:56:20 | 00,717,234 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/04 18:56:20 | 00,613,276 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/04 18:56:20 | 00,108,828 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/04 18:55:00 | 00,000,000 | ---- | M] () -- C:\Users\mike\Desktop\settings.dat
[2009/08/04 18:52:39 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/08/04 18:52:31 | 00,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/08/04 18:51:48 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/04 18:51:48 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/04 18:51:44 | 00,299,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/04 18:51:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/04 18:51:37 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/04 18:50:39 | 00,008,115 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/08/04 18:50:24 | 02,184,068 | -H-- | M] () -- C:\Users\mike\AppData\Local\IconCache.db
[2009/08/04 18:25:23 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/03 04:19:20 | 00,234,496 | ---- | M] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/01 01:00:08 | 00,000,330 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/07/30 15:45:38 | 00,470,528 | ---- | M] ( ) -- C:\Users\mike\Desktop\RootRepeal.exe

========== LOP Check ==========

[2009/07/20 16:48:43 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming
[2007/03/20 21:36:12 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Aim
[2009/06/09 22:30:15 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\CleanMyPC Software
[2009/01/20 16:36:53 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\dyyno-vlc
[2009/01/18 05:15:23 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\LimeWire
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Media Center Programs
[2009/06/06 07:09:16 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Octoshape
[2009/07/02 18:52:51 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Opera
[2007/05/20 17:03:08 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Publish Providers
[2007/05/20 17:51:59 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Sony
[2009/06/23 22:27:13 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Template
[2009/06/10 13:13:27 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Ventrilo
[2009/06/03 23:16:19 | 00,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Xfire
[2009/07/15 01:17:08 | 00,000,338 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2009/08/01 01:00:08 | 00,000,330 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/08/04 18:51:40 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/04 18:50:39 | 00,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
< End of report >


OTL Extras logfile created on: 8/4/2009 6:59:36 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Users\mike\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.86% Memory free
4.00 Gb Paging File | 3.45 Gb Available in Paging File | 86.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.82 Gb Total Space | 224.88 Gb Free Space | 77.06% Space Free | Partition Type: NTFS
Drive D: | 6.27 Gb Total Space | 0.59 Gb Free Space | 9.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIKES-PC
Current User Name: mike
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13DF61D4-32EF-42E5-84ED-E9C40020FA87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C97539A-F0F6-44B2-A880-5474394903CD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D0F3CA3-810D-4548-B947-6B36DB745317}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{279A32B8-A5F6-443A-8397-8E04E4642395}" = lport=10243 | protocol=6 | dir=in | app=system |
"{28493F0D-1DFB-4022-883A-07FC700374DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DCF90E4-5A07-473B-AF40-B274289B4604}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2EC653A3-D57B-4E4D-9F6D-C3660B6737EF}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{3B251B6B-74DA-4F7D-9D46-659A84A30C05}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3C2F8DF3-1301-435B-B020-770F85C0243D}" = lport=15944 | protocol=6 | dir=in | name=bitcomet 15944 tcp |
"{43463EBA-F99E-4763-9BC4-9A97620A3D04}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4F4CBB98-0FD8-4A4E-BF3D-C1FB8F72B216}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53F08733-FE3E-470F-AB3F-E73A3DE7FFC0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BAB0A3C-77E5-41DF-9DF2-BBE413409AD9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6AF67E51-70AE-4F13-8B38-F52C63313D64}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6CBA5E7A-FFBF-4E87-89CC-E59CFE7A4E5E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E774F62-D7A7-4B27-A3D3-33CE2E48A812}" = lport=15944 | protocol=17 | dir=in | name=bitcomet 15944 udp |
"{82A29BD2-1113-4928-A682-4EE6C04D6BE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{953788BE-964D-4E69-8FFC-84E51291BDA3}" = lport=15944 | protocol=17 | dir=in | name=bitcomet 15944 udp |
"{A74532B9-5D58-433D-80F7-5B8EBF01C3FC}" = lport=15944 | protocol=6 | dir=in | name=bitcomet 15944 tcp |
"{ABDE1266-7267-42B7-A015-0EF3E496FB3A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B59D297F-7D32-454E-AF52-E00939E0B17A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D26C4A82-9944-4890-BC6B-DE17FE21F061}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{F0D17190-FF92-4BAA-AEF1-2533A5C22837}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0405E4FF-28B2-43C5-B3E8-5A57A491FBF0}" = protocol=17 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{07A50D74-0FA7-4AA9-85E4-7A2693463C34}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{0CB47B6F-15A6-48B8-963C-7EEFC73B4A91}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{0F215013-42D6-4D48-BB4B-82757AF9C2EC}" = protocol=6 | dir=out | app=system |
"{16326F32-2744-4746-8CC3-9FD8AFF162B7}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{1A344C15-957D-4553-8FD1-E465E4AEA080}" = protocol=17 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{1A356935-5C9E-4C5B-AE44-064D62C9757C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{26533726-96EB-4629-AF99-BEF0CCDCC568}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{316EE2AB-2692-4777-A20B-A5CB5D2584FB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdpjswx.exe |
"{33958260-E65D-400B-B7E7-801CBED7E1AF}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{3DFCB5BA-185C-46D4-A6D2-209F3F3E921F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{43454CB3-E854-4992-8071-2B4A139B4994}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{4BCFCF93-5B1B-4E61-84DF-FDA39531591E}" = protocol=6 | dir=in | app=c:\windows\system32\lxdpcoms.exe |
"{4EA4BE56-8F98-455B-BF45-EE07D024F6D8}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{50BA087C-CCCA-450E-B7B4-21CD776FB9D5}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{51134040-1FE1-4BF2-A758-C01AE1F5167C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5FFBA407-C614-4B0B-9C36-F132ED069CFD}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6058827D-0F8C-4F86-99EB-A00F68027461}" = protocol=17 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{6621A446-A6D7-4747-9CF9-7DA022345AB3}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdpjswx.exe |
"{66D1B9B8-8BC2-47B1-8965-41F9D67A01D7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe |
"{69CB2C4D-AB33-4BC4-A9F1-5C9AB142FDBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6B8DD3B4-26F7-44FF-BD18-654AE143B603}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{6C68C27B-3CB0-4E51-9EB7-61F0E90ECF27}" = protocol=6 | dir=in | app=%programfiles%\zune\zunenss.exe |
"{6CE88AD0-CBEB-455E-8E6A-237C009C13B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6DF627C4-8D11-4E21-A762-DE2F80C88C2A}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{6DF9A3E3-28A8-4CFC-B4A5-EFA5011943D8}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{724291FA-1391-4CFF-BEC0-2315FA2A9F20}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{73051E9E-48C5-4094-BAC7-1625D0452781}" = protocol=6 | dir=in | app=c:\program files\lexmark z2300 series\lxdpmon.exe |
"{7383959F-227E-436F-AE27-ED5C503ACD62}" = protocol=6 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{871233F9-4955-4B71-BE1F-434F0DDF46CB}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8E44B1D7-61AE-4EA0-B4DF-E8BD2FB72BFE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{958AB51E-0D90-4E4D-8A70-E481E1E39BA4}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdptime.exe |
"{9FF4F934-A680-4E5C-8E24-A1DFFF90B15D}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{A12A9D95-6C74-43DC-8B5A-977BE9ADA914}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BB189965-D8DB-48E1-AACD-8FF587565D64}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"{BD00015C-8497-4F54-BF32-31B21905CEF6}" = protocol=6 | dir=in | app=c:\program files\zune\zune.exe |
"{C345F47C-F25D-42EC-B166-ADD5E83163F9}" = protocol=6 | dir=in | app=c:\users\mike\appdata\local\dyyno receiver\dppm.exe |
"{CC3CFB39-55AE-48F8-A710-9D1555A8B34F}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{D08C2BA9-9117-4D84-A377-43A78597EDB1}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{D22076C2-225B-49F6-9367-2F1B4582FDB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D7EAFD67-11CD-4C23-9036-BC2C57DFB99D}" = protocol=6 | dir=out | app=system |
"{DEB4D37E-BA2A-4C35-8FA5-65B466176DAE}" = protocol=17 | dir=out | app=%programfiles%\zune\zunenss.exe |
"{E2E1520F-6349-4DE5-9A87-2F77B796C391}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{E2F02031-5C8B-41D5-933B-C0CC19A8169A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdptime.exe |
"{EB49869E-D06C-468D-8678-1153574A55BB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{ED6F78FF-8396-4E80-B267-4B7DE7911E0D}" = protocol=17 | dir=in | app=c:\users\mike\appdata\local\dyyno receiver\dppm.exe |
"{F2F69701-FB4C-4F08-87D0-E8009CE9A487}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{F3EB1F4A-FD54-4928-AD91-0F37E790F0DB}" = protocol=17 | dir=in | app=c:\program files\zune\zune.exe |
"{FD0A806F-A5C3-4C92-A2A4-7638F75CBA15}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"TCP Query User{05489AA6-09E3-40D4-8BD0-A731BA9B055A}C:\program files\steam\steamapps\advent317\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\advent317\counter-strike source\hl2.exe |
"TCP Query User{055A898B-19C8-440B-9CAB-F001E7E4BC95}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"TCP Query User{608C887F-1509-413F-975C-E5A89754C878}C:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe |
"TCP Query User{6AE7A773-F1E1-4DF9-9916-DA79110AC3B2}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"TCP Query User{7B0A3ED4-1E7A-4B5F-A51A-8B54569EF45E}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{88D27C42-E0E7-4D1F-8A64-D601B3F24E1E}C:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe |
"TCP Query User{92E8C932-E3CE-4671-A0C7-3035ABF5535F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BCE20CBD-2813-4A27-B251-2BD6E61F37CD}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"TCP Query User{DC918CFD-2383-4CFC-9DBF-70615AD8A49C}C:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe |
"UDP Query User{04E4C336-6076-4F34-ADBD-12F642B80428}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{20F66735-E323-4F19-8DA2-1950ACC567A9}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{47427664-CD1C-4079-9341-C5E13DB8DB25}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{605F0902-3D2F-41FB-935B-BBBDD0BDEBA0}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe |
"UDP Query User{61DA4CC9-5A3F-46AF-A1F3-03B3F7EA9F30}C:\program files\steam\steamapps\advent317\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\advent317\counter-strike source\hl2.exe |
"UDP Query User{62B34A79-37B1-4177-8778-14DDEFAD1B5F}C:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe |
"UDP Query User{646D8D43-6E88-43DC-86DC-AC33A35FD855}C:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe |
"UDP Query User{99137096-65A7-4EDC-B9D5-52E28FE38DCA}C:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe |
"UDP Query User{B6FAC60B-0EAE-49D7-BA41-7830943A3DC7}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0373779B-A362-4B2E-B8E9-7442F19F9394}" = HP Total Care Advisor
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{C3DC29BC-A8CF-4578-9DFC-37F049C44771}" = OcxSetup
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AOL Instant Messenger" = AOL Instant Messenger
"BitComet" = BitComet 0.85
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DyynoPlayer" = DyynoPlayer 0.8.6f.2
"Fraps" = Fraps (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"hon" = Heroes of Newerth
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"Intel® Configuration Center" = Intel® Viiv™ Software
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 6.0" = RealPlayer
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"Winamp" = Winamp (remove only)
"WinPcapInst" = WinPcap 4.1 beta4
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Steam App 240" = Counter-Strike: Source
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2009 4:30:42 AM | Computer Name = Mikes-PC | Source = System Restore | ID = 8193
Description =

Error - 6/30/2009 4:30:42 AM | Computer Name = Mikes-PC | Source = System Restore | ID = 8210
Description =

Error - 7/1/2009 3:24:30 AM | Computer Name = Mikes-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/1/2009 3:41:36 PM | Computer Name = Mikes-PC | Source = Application Error | ID = 1000
Description = Faulting application kbd.exe, version 1.0.2.2, time stamp 0x420165d6,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x0006a786, process id 0x1bc, application start time
0x01c9fa83d94637da.

Error - 7/1/2009 7:17:04 PM | Computer Name = Mikes-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/2/2009 8:51:20 PM | Computer Name = Mikes-PC | Source = Application Error | ID = 1000
Description = Faulting application Bridge.exe, version 1.0.0.545, time stamp 0x42434fb1,
faulting module ScCore.dll, version 3.6.52.0, time stamp 0x42430737, exception
code 0xc0000005, fault offset 0x000298fe, process id 0xe50, application start time
0x01c9fb785a0ec7d6.

Error - 7/8/2009 7:55:08 AM | Computer Name = Mikes-PC | Source = Application Hang | ID = 1002
Description = The program ImageReady.exe version 9.0.0.196 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 3bb8 Start Time: 01c9ffc2bd9eae93 Termination Time: 28

Error - 7/13/2009 12:30:16 PM | Computer Name = Mikes-PC | Source = EventSystem | ID = 4609
Description =

Error - 7/13/2009 5:22:02 PM | Computer Name = Mikes-PC | Source = Application Error | ID = 1000
Description = Faulting application kbd.exe, version 1.0.2.2, time stamp 0x420165d6,
faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000005, fault offset 0x0006a786, process id 0x794, application start time
0x01ca03ffdd102556.

Error - 7/23/2009 6:59:30 AM | Computer Name = Mikes-PC | Source = Application Error | ID = 1000
Description = Faulting application RunDLL32.exe, version 6.0.6000.16386, time stamp
0x4549b0e1, faulting module lmpgspl.ax, version 4.0.0.157, time stamp 0x4497e991,
exception code 0xc0000005, fault offset 0x0000166a, process id 0xb40, application
start time 0x01ca0b84a6733c58.

[ System Events ]
Error - 8/4/2009 11:46:19 AM | Computer Name = Mikes-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/4/2009 11:46:19 AM | Computer Name = Mikes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/4/2009 9:36:38 PM | Computer Name = Mikes-PC | Source = HTTP | ID = 15016
Description =

Error - 8/4/2009 9:38:24 PM | Computer Name = Mikes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/4/2009 9:38:24 PM | Computer Name = Mikes-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/4/2009 9:38:24 PM | Computer Name = Mikes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/4/2009 9:51:48 PM | Computer Name = Mikes-PC | Source = HTTP | ID = 15016
Description =

Error - 8/4/2009 9:53:12 PM | Computer Name = Mikes-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/4/2009 9:53:12 PM | Computer Name = Mikes-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 8/4/2009 9:53:12 PM | Computer Name = Mikes-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#2
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
Hello, Advent317, and welcome to GeeksToGo!

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
Advent317

    New Member

  • Topic Starter
  • Member
  • 6 posts
After running ComboFix and the automatic restart that follows, I was unable to open any program. I would get an error saying the following: "Illegal operation attempted on a registry key that has been marked for deletion." Upon restarting manually I could open programs again, and my desktop background was changed to default if that matters at all. Here's my log.

ComboFix 09-08-04.04 - mike 08/05/2009 17:22.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.1331 [GMT -7:00]
Running from: c:\users\mike\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3670496320-3314583002-3242317712-500
c:\recycler\S-1-5-21-4849399835-8390233159-709158143-1971
c:\windows\system32\drivers\SKYNETvldobbnc.sys
c:\windows\system32\SKYNETnevwytqc.dll
c:\windows\system32\SKYNETporptqmk.dll
c:\windows\system32\SKYNETvrqyeqxs.dat

.
((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-06 00:30 . 2009-08-06 00:32 -------- d-----w- c:\users\mike\AppData\Local\temp
2009-08-06 00:30 . 2009-08-06 00:30 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-08-06 00:30 . 2009-08-06 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-05 01:25 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 01:25 . 2009-08-05 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 01:25 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 03:59 . 2008-10-10 11:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-07-18 03:59 . 2008-10-10 11:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-07-18 03:59 . 2008-10-10 11:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-07-18 03:59 . 2009-08-04 08:40 -------- d-----w- c:\program files\Heroes of Newerth
2009-07-13 15:44 . 2009-07-13 16:49 -------- d-----w- c:\programdata\13266814
2009-07-10 11:20 . 2009-07-10 11:21 -------- d-----w- c:\program files\QuickTime
2009-07-10 11:20 . 2009-07-10 11:20 -------- d-----w- c:\programdata\Apple Computer
2009-07-10 11:20 . 2009-07-10 11:20 -------- d-----w- c:\users\mike\AppData\Local\Apple
2009-07-10 11:19 . 2009-07-10 11:19 -------- d-----w- c:\program files\Apple Software Update
2009-07-10 11:19 . 2009-07-10 11:19 -------- d-----w- c:\programdata\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 00:32 . 2009-05-17 13:46 31776 ----a-w- c:\programdata\nvModes.dat
2009-08-05 14:40 . 2009-06-21 03:41 -------- d-----w- c:\program files\Diablo II
2009-08-05 01:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 21:52 . 2009-08-05 01:46 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-05 01:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-05 01:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-05 01:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 23:48 . 2009-06-24 05:27 716 ----a-w- c:\users\mike\AppData\Roaming\wklnhst.dat
2009-07-20 06:53 . 2009-06-02 04:51 -------- d-----w- c:\programdata\Lx_cats
2009-07-19 01:10 . 2007-03-21 05:13 -------- d-----w- c:\program files\World of Warcraft
2009-07-13 16:24 . 2007-03-21 05:13 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-09 13:03 . 2007-03-22 03:36 -------- d-----w- c:\program files\Warcraft III
2009-07-01 19:40 . 2009-07-01 05:56 -------- d-----w- c:\program files\McAfee
2009-07-01 05:58 . 2009-07-01 05:52 -------- d-----w- c:\programdata\McAfee
2009-07-01 05:56 . 2009-07-01 05:56 -------- d-----w- c:\program files\Common Files\McAfee
2009-07-01 05:56 . 2009-07-01 05:56 -------- d-----w- c:\program files\McAfee.com
2009-06-28 12:35 . 2006-12-13 09:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-28 06:47 . 2009-06-28 06:47 -------- d-----w- c:\users\mike\AppData\Roaming\Malwarebytes
2009-06-28 06:47 . 2009-06-28 06:47 -------- d-----w- c:\programdata\Malwarebytes
2009-06-28 03:14 . 2007-03-22 03:17 -------- d-----w- c:\program files\Java
2009-06-28 02:50 . 2009-06-28 02:50 -------- d-----w- c:\program files\Trend Micro
2009-06-24 05:27 . 2009-06-24 05:27 -------- d-----w- c:\users\mike\AppData\Roaming\Template
2009-06-18 09:36 . 2006-12-13 09:07 -------- d-----w- c:\program files\Microsoft Works
2009-06-15 15:24 . 2009-08-05 01:46 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-08-05 01:46 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-08-05 01:46 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-08-05 01:46 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-10 20:13 . 2007-03-22 03:03 -------- d-----w- c:\users\mike\AppData\Roaming\Winamp
2009-06-10 20:13 . 2007-03-21 04:48 -------- d-----w- c:\users\mike\AppData\Roaming\Ventrilo
2009-06-10 20:11 . 2007-04-02 15:28 -------- d-----w- c:\program files\Lavasoft
2009-06-10 19:30 . 2009-06-26 17:01 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-10 05:30 . 2009-06-10 05:30 -------- d-----w- c:\users\mike\AppData\Roaming\CleanMyPC Software
2009-06-10 05:29 . 2009-06-09 05:24 -------- d-----w- c:\programdata\Lavasoft
2009-06-09 05:11 . 2007-04-02 15:28 -------- d-----w- c:\users\mike\AppData\Roaming\Lavasoft
2009-05-21 22:51 . 2009-05-21 22:51 41808 ----a-w- c:\windows\system32\xfcodec.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-15 185784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-26 133656]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13781536]
"lxdpmon.exe"="c:\program files\Lexmark Z2300 Series\lxdpmon.exe" [2008-03-27 656040]
"EzPrint"="c:\program files\Lexmark Z2300 Series\ezprint.exe" [2008-03-27 107176]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8E44B1D7-61AE-4EA0-B4DF-E8BD2FB72BFE}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{D08C2BA9-9117-4D84-A377-43A78597EDB1}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{F2F69701-FB4C-4F08-87D0-E8009CE9A487}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{E2E1520F-6349-4DE5-9A87-2F77B796C391}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{4EA4BE56-8F98-455B-BF45-EE07D024F6D8}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{26533726-96EB-4629-AF99-BEF0CCDCC568}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{D26C4A82-9944-4890-BC6B-DE17FE21F061}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{2EC653A3-D57B-4E4D-9F6D-C3660B6737EF}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{CC3CFB39-55AE-48F8-A710-9D1555A8B34F}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{9FF4F934-A680-4E5C-8E24-A1DFFF90B15D}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6DF627C4-8D11-4E21-A762-DE2F80C88C2A}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{0CB47B6F-15A6-48B8-963C-7EEFC73B4A91}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{50BA087C-CCCA-450E-B7B4-21CD776FB9D5}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{FD0A806F-A5C3-4C92-A2A4-7638F75CBA15}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{07A50D74-0FA7-4AA9-85E4-7A2693463C34}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{724291FA-1391-4CFF-BEC0-2315FA2A9F20}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{51134040-1FE1-4BF2-A758-C01AE1F5167C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5FFBA407-C614-4B0B-9C36-F132ED069CFD}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EB49869E-D06C-468D-8678-1153574A55BB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{871233F9-4955-4B71-BE1F-434F0DDF46CB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3DFCB5BA-185C-46D4-A6D2-209F3F3E921F}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{DC918CFD-2383-4CFC-9DBF-70615AD8A49C}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"UDP Query User{62B34A79-37B1-4177-8778-14DDEFAD1B5F}c:\\program files\\world of warcraft\\wow-2.0.3-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3-enus-downloader.exe:Blizzard Downloader
"TCP Query User{6AE7A773-F1E1-4DF9-9916-DA79110AC3B2}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{B6FAC60B-0EAE-49D7-BA41-7830943A3DC7}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{608C887F-1509-413F-975C-E5A89754C878}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe:Blizzard Downloader
"UDP Query User{646D8D43-6E88-43DC-86DC-AC33A35FD855}c:\\program files\\world of warcraft\\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.3.6299-to-2.0.10.6448-enus-downloader.exe:Blizzard Downloader
"{A74532B9-5D58-433D-80F7-5B8EBF01C3FC}"= UDP:15944:BitComet 15944 TCP
"{7E774F62-D7A7-4B27-A3D3-33CE2E48A812}"= TCP:15944:BitComet 15944 UDP
"TCP Query User{055A898B-19C8-440B-9CAB-F001E7E4BC95}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{20F66735-E323-4F19-8DA2-1950ACC567A9}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{BCE20CBD-2813-4A27-B251-2BD6E61F37CD}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{605F0902-3D2F-41FB-935B-BBBDD0BDEBA0}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{6B8DD3B4-26F7-44FF-BD18-654AE143B603}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1A356935-5C9E-4C5B-AE44-064D62C9757C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{88D27C42-E0E7-4D1F-8A64-D601B3F24E1E}c:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"UDP Query User{99137096-65A7-4EDC-B9D5-52E28FE38DCA}c:\\program files\\world of warcraft\\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.0.10.6448-to-2.0.12.6546-enus-downloader.exe:Blizzard Downloader
"TCP Query User{05489AA6-09E3-40D4-8BD0-A731BA9B055A}c:\\program files\\steam\\steamapps\\advent317\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\advent317\counter-strike source\hl2.exe:hl2
"UDP Query User{61DA4CC9-5A3F-46AF-A1F3-03B3F7EA9F30}c:\\program files\\steam\\steamapps\\advent317\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\advent317\counter-strike source\hl2.exe:hl2
"TCP Query User{7B0A3ED4-1E7A-4B5F-A51A-8B54569EF45E}c:\\program files\\aim\\aim.exe"= UDP:c:\program files\aim\aim.exe:AOL Instant Messenger
"UDP Query User{47427664-CD1C-4079-9341-C5E13DB8DB25}c:\\program files\\aim\\aim.exe"= TCP:c:\program files\aim\aim.exe:AOL Instant Messenger
"TCP Query User{92E8C932-E3CE-4671-A0C7-3035ABF5535F}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{04E4C336-6076-4F34-ADBD-12F642B80428}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{16326F32-2744-4746-8CC3-9FD8AFF162B7}"= UDP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{BB189965-D8DB-48E1-AACD-8FF587565D64}"= TCP:c:\program files\World of Warcraft\BackgroundDownloader.exe:Blizzard Downloader
"{1D0F3CA3-810D-4548-B947-6B36DB745317}"= UDP:3724:Blizzard Downloader: 3724
"{BD00015C-8497-4F54-BF32-31B21905CEF6}"= UDP:c:\program files\Zune\Zune.exe:Zune
"{F3EB1F4A-FD54-4928-AD91-0F37E790F0DB}"= TCP:c:\program files\Zune\Zune.exe:Zune
"{3C2F8DF3-1301-435B-B020-770F85C0243D}"= UDP:15944:BitComet 15944 TCP
"{953788BE-964D-4E69-8FFC-84E51291BDA3}"= TCP:15944:BitComet 15944 UDP
"{C345F47C-F25D-42EC-B166-ADD5E83163F9}"= UDP:c:\users\mike\AppData\Local\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{ED6F78FF-8396-4E80-B267-4B7DE7911E0D}"= TCP:c:\users\mike\AppData\Local\Dyyno Receiver\DPPM.exe:Dyyno Plugin Receiver
"{4BCFCF93-5B1B-4E61-84DF-FDA39531591E}"= UDP:c:\windows\System32\lxdpcoms.exe:Lexmark Communications System
"{0405E4FF-28B2-43C5-B3E8-5A57A491FBF0}"= TCP:c:\windows\System32\lxdpcoms.exe:Lexmark Communications System
"{43454CB3-E854-4992-8071-2B4A139B4994}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdppswx.exe:Printer Status Window Interface
"{66D1B9B8-8BC2-47B1-8965-41F9D67A01D7}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdppswx.exe:Printer Status Window Interface
"{E2F02031-5C8B-41D5-933B-C0CC19A8169A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdptime.exe:Lexmark Connect Time Executable
"{958AB51E-0D90-4E4D-8A70-E481E1E39BA4}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdptime.exe:Lexmark Connect Time Executable
"{73051E9E-48C5-4094-BAC7-1625D0452781}"= UDP:c:\program files\Lexmark Z2300 Series\lxdpmon.exe:Printer Device Monitor
"{1A344C15-957D-4553-8FD1-E465E4AEA080}"= TCP:c:\program files\Lexmark Z2300 Series\lxdpmon.exe:Printer Device Monitor
"{6621A446-A6D7-4747-9CF9-7DA022345AB3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdpjswx.exe:Job Status Window Interface
"{316EE2AB-2692-4777-A20B-A5CB5D2584FB}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdpjswx.exe:Job Status Window Interface
"{6DF9A3E3-28A8-4CFC-B4A5-EFA5011943D8}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [9/3/2006 11:32 AM 208896]
R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [5/10/2006 10:13 AM 29696]
S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdpserv.exe [2/27/2008 4:06 PM 98984]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [5/21/2008 4:57 PM 34576]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-01 20:32]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-01 20:32]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Steam - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
FF - ProfilePath - c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\whi2eif5.default\
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\whi2eif5.default\extensions\[email protected]\plugins\npDyyno.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 17:32
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\nvvsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxdpcoms.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-06 17:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-06 00:37

Pre-Run: 241,216,172,032 bytes free
Post-Run: 240,940,441,600 bytes free

257 --- E O F --- 2009-08-05 01:50
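
The Reg Loading Points section of the ComboFix log above records several settings that weaken the machine's defences: EnableLUA is 0 (UAC off), EnableFirewall is 0 for the public firewall profile, DisableMonitoring is 1 under Security Center, and the CCUTRAYICON Run entry is marked [X], which ComboFix uses for an autostart whose file was not found. The Python script below is an added example for this thread, not ComboFix code and not something the helper posted: it parses that REGEDIT4-style section and flags such entries. SAMPLE_LOG is a constructed abbreviation of the posted log, and the rule set in audit() is my own choice of what to flag.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not ComboFix code.  The rule set below is
my own choice of settings worth flagging, not an official list.
"""
import re

# Constructed sample in the REGEDIT4-style layout ComboFix prints,
# abbreviated from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
DWORD_RE = re.compile(r'^dword:(?P<hex>[0-9a-fA-F]{8})$')
NUM_RE = re.compile(r'^(?P<num>\d+)\s*\(0x[0-9a-fA-F]+\)$')
STR_RE = re.compile(r'^"(?P<str>[^"]*)"(?P<rest>.*)$')


def parse_value(raw):
    """Normalise a value as ComboFix prints it.

    Returns (value, missing): value is an int for dword/numeric entries or
    the unquoted string for path entries; missing is True when ComboFix
    appended [X], its marker for an autostart whose file was not found.
    """
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group('hex'), 16), False
    m = NUM_RE.match(raw)
    if m:
        return int(m.group('num')), False
    m = STR_RE.match(raw)
    if m:
        return m.group('str'), '[X]' in m.group('rest')
    return raw, False


def parse_reg_points(text):
    """Map each [key] to a dict of name -> (value, missing).

    Default-value lines (@="") and lines without a quoted name are ignored.
    """
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = km.group('key')
            keys.setdefault(current, {})
            continue
        vm = VAL_RE.match(line)
        if vm and current is not None:
            keys[current][vm.group('name')] = parse_value(vm.group('raw').strip())
    return keys


def audit(text):
    """Return human-readable findings for settings that weaken defences."""
    findings = []
    for key, values in parse_reg_points(text).items():
        k = key.lower()
        for name, (value, missing) in values.items():
            n = name.lower()
            if k.endswith(r'policies\system') and n == 'enablelua' and value == 0:
                findings.append('UAC disabled (EnableLUA=0)')
            elif 'security center\\monitoring' in k and n == 'disablemonitoring' and value == 1:
                findings.append(f'Security Center monitoring disabled: {key}')
            elif 'firewallpolicy' in k and n == 'enablefirewall' and value == 0:
                profile = key.rsplit('\\', 1)[-1]
                findings.append(f'Windows Firewall off for {profile}')
            elif k.endswith(r'currentversion\run') and missing:
                findings.append(f'autostart "{name}" points at a missing file')
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

To use it on a real log, paste the block between "Reg Loading Points" and "Contents of the 'Scheduled Tasks' folder" into a file and pass its contents to audit(). Everything it reports on the posted log is a setting the user or an installer could have changed on purpose, so treat the output as a list of things to confirm rather than proof of infection.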

#4 handhfan (Trusted Helper, Expert, 13,659 posts)
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 15.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u15-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u15-windows-i586.exe and select "Run as an Administrator.")

Please do an online scan with Kaspersky WebScanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply, along with a new OTL log.

Edited by handhfan, 05 August 2009 - 11:28 PM.


#5 Advent317 (Topic Starter, New Member, 6 posts)
Just removed the old Javas and updated with the one you linked, starting the Kaspersky scan right now; I'll post the log once it finishes. OTL seems to have been deleted from my computer; I think McAfee removed it. Is that normal?

EDIT: Upon trying to re-download OTL, McAfee blocked it and said it detected something malicious. Tried turning the auto protection off and redownloading, but now I get an error from the OTL download link provided in the sticky thread; something with McAfee is still blocking that link. "File not found" is the error I get. Here is the Kaspersky log.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, August 6, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, August 06, 2009 08:09:53
Records in database: 2585984
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 118817
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:05:24

No malware has been detected. The scan area is clean.

The selected area was scanned.

Edited by Advent317, 06 August 2009 - 03:17 AM.


#6 handhfan (Trusted Helper, Expert, 13,659 posts)
Yeah, McAfee has been after OTL recently. Some of our tools are so powerful (or suspicious) that many of the antivirus companies think they are malicious (creating what we call a false positive). No matter, if your log didn't change since the last one, it's clean.

Is your computer running better now?

#7 Advent317 (Topic Starter, New Member, 6 posts)
So far it seems to be running like normal; you've been a great help. Any other things I should do?

#8 handhfan (Trusted Helper, Expert, 13,659 posts)
Your logs look clean. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. If you have any questions or other problems, please let me know. Other than that, and the steps below, you should be all set. :)

Follow these steps to uninstall ComboFix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Please update Adobe Reader, by downloading and installing Adobe Reader 9.1.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard gives you realtime protection from spyware.
  • Super Antispyware OR Malwarebytes' Anti-Malware to help remove any spyware that may have gotten on your computer.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed.
  • Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see this article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

To keep your operating system up to date visit Microsoft Windows Update monthly. Remember to be aware of what emails you open and websites you visit.

Have a safe and happy computing day!
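
The MVPS hosts file recommended above works by mapping known ad and malware hosts to a block address (0.0.0.0, or 127.0.0.1 in older versions) so the browser never reaches them. The same mechanism pointed the other way, a legitimate name mapped to an attacker's routable address, is one way a "redirect" infection is implemented, so it is worth checking which kind of entries a hosts file actually contains. The Python script below is an added example for this thread, not MVPS code and not something the helper posted: it parses a hosts file, counts block entries, and reports any name sent somewhere other than a block or loopback address. SAMPLE_HOSTS is constructed, using .example names and 192.0.2.10 (a documentation-range address) as the placeholder hijack target.

```python
"""Audit a Windows HOSTS file for block entries and possible hijacks.

Added example for this thread; not MVPS code.  It treats 0.0.0.0,
127.0.0.1 and ::1 as block/loopback targets (what MVPS and Windows use)
and reports any other mapping, since that is how a hosts-file hijack
sends a real site somewhere else.
"""
import ipaddress

# Constructed sample: the Windows defaults, two MVPS-style block lines and
# one hijack line.  192.0.2.10 is a documentation-range placeholder address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0  ads.example
0.0.0.0  banners.example           # MVPS-style block entry
192.0.2.10   www.google.com        # a legitimate name sent to a routable address
"""

BLOCK_TARGETS = {'0.0.0.0', '127.0.0.1', '::1'}


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blank and malformed lines are skipped."""
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first token is not an address, so not a usable mapping
        for name in names:
            yield ip, name.lower()


def audit_hosts(text):
    """Return (block_count, suspicious).

    block_count is the number of names sent to a block/loopback target;
    suspicious lists (name, ip) pairs that resolve somewhere else.
    """
    block_count = 0
    suspicious = []
    for ip, name in parse_hosts(text):
        if name == 'localhost':
            continue
        if ip in BLOCK_TARGETS:
            block_count += 1
        else:
            suspicious.append((name, ip))
    return block_count, suspicious


if __name__ == '__main__':
    blocked, bad = audit_hosts(SAMPLE_HOSTS)
    print(f'{blocked} block entries')
    for name, ip in bad:
        print(f'suspicious: {name} -> {ip}')
```

To check a live machine, read %SystemRoot%\System32\drivers\etc\hosts and pass its contents to audit_hosts(); a large block_count with an empty suspicious list is what a clean MVPS install looks like, while any entry in suspicious for a site you did not map yourself deserves a look.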

#9 Advent317 (Topic Starter, New Member, 6 posts)
Uninstalled ComboFix, ran OTC, and updated Adobe Reader. Anything else?

#10 handhfan (Trusted Helper, Expert, 13,659 posts)
That's all unless you have any other problems. :)

#11 Advent317 (Topic Starter, New Member, 6 posts)
Think that about covers it, I really appreciate all the help you've given me.

#12 handhfan (Trusted Helper, Expert, 13,659 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.