
Another Google redirect thread.


#1 Verdius (New Member)

Hey everyone.

I've been to these forums the past few days attempting to dislodge this nasty bug that's refused to be outed no matter what I've done.

My last hope before reformatting my hard drive is to come here, so let's see.

I've downloaded and run the scans and already have the logs suggested, such as Malwarebytes etc.

Before loading this down with information, however, I figured it would be best to start with just an introduction and let you tell me what should be done first.

Anyway, just to say about the bug: after many attempts to get rid of it, I do think I got rid of some of the problems that came along with it; however, there's still something in my computer redirecting Google search. Running HijackThis, there are two items that repeatedly come up, though it's always unsuccessful in getting rid of them.

Also, if I enter Safe Mode my screen will go black after about 10 minutes despite my computer still going, almost as if it went to sleep, but I can't get it to come back up.

Anyway, thanks in advance for any assistance.

#2 RKinner (Malware Expert, MVP)

We need as many of the logs from http://www.geekstogo...uide-t2852.html as you can get. Copy and Paste them. Don't use attachments.

Ron

#3 Verdius (Topic Starter)

Thank you for your reply. Here are my logs.

Malwarebytes -

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4005

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

4/18/2010 5:50:34 PM
mbam-log-2010-04-18 (17-50-34).txt

Scan type: Quick scan
Objects scanned: 135206
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-18 20:10:47
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Verdius\AppData\Local\Temp\fwlyapow.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? C33BDA50
INT 0x62 ? C33BD550
INT 0x72 ? C33BD050
INT 0x82 ? C4F88A50
INT 0x92 ? C4F88CD0
INT 0xA2 ? C33BD7D0
INT 0xB1 ? C33BDCD0

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0xCCE04340, 0x3C9C37, 0xE8000020]
.rsrc C:\Windows\system32\DRIVERS\mouclass.sys entry point in ".rsrc" section [0xCD988014]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1032] ntdll.dll!NtProtectVirtualMemory 77B74D34 5 Bytes JMP 007E000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1032] ntdll.dll!NtWriteVirtualMemory 77B75674 5 Bytes JMP 0080000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1032] ntdll.dll!KiUserExceptionDispatcher 77B75DC8 5 Bytes JMP 007D000A
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtProtectVirtualMemory 77B74D34 5 Bytes JMP 0070000A
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtWriteVirtualMemory 77B75674 5 Bytes JMP 0071000A
.text C:\Windows\system32\svchost.exe[1216] ntdll.dll!KiUserExceptionDispatcher 77B75DC8 5 Bytes JMP 006F000A
.text C:\Windows\system32\svchost.exe[1216] ole32.dll!CoCreateInstance 77889EA6 5 Bytes JMP 0147000A
.text C:\Windows\system32\svchost.exe[1216] USER32.dll!GetCursorPos 766F0B88 5 Bytes JMP 0148000A
.text C:\Windows\Explorer.EXE[2264] ntdll.dll!NtProtectVirtualMemory 77B74D34 5 Bytes JMP 0022000A
.text C:\Windows\Explorer.EXE[2264] ntdll.dll!NtWriteVirtualMemory 77B75674 5 Bytes JMP 0023000A
.text C:\Windows\Explorer.EXE[2264] ntdll.dll!KiUserExceptionDispatcher 77B75DC8 5 Bytes JMP 0021000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\nvstor \Device\Harddisk0\DR0 C500BAC8

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0C87770-EEF6-772A-CCF4-3F5237EEC976}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0C87770-EEF6-772A-CCF4-3F5237EEC976}@hahljmcbalfgphip 0x6A 0x61 0x6F 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0C87770-EEF6-772A-CCF4-3F5237EEC976}@ianlhljdeccmgfgglk 0x6A 0x61 0x6F 0x69 ...

---- Files - GMER 1.0.15 ----

File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\09 On the Run.mp3 4605545 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\01 Dialogue 3-1.mp3 177269 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\02 Go Go Cactus (guitar version).mp3 1106723 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\03 Dialogue 3-2.mp3 270265 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\04 Too Good Too Bad.mp3 3098286 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\05 Dialogue 3-3.mp3 135473 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\06 Eyeball.mp3 1235224 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\07 Dialogue 3-4.mp3 245188 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\08 Yuenchi.mp3 4496873 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\10 Dialogue 3-5.mp3 495442 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\11 23 Wa.mp3 5838520 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\12 Dialogue 3-6.mp3 108307 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\13 Don't Bother None (long version).mp3 6046482 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\14 Dialogue 3-7.mp3 499099 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\15 W0 Qui Non Coin (Tada Ed Aoi).mp3 3116063 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\16 Kawaisouna Fei (Lip Cream).mp3 1278607 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\17 Call Me Call Me.mp3 5653061 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\18 Dialogue 3-8.mp3 502756 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\19 Memory.mp3 1828203 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\20 Adieu (long version).mp3 7459172 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\21 Dialogue 3-9.mp3 420732 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\22 See You Space Cowboys Not Final Mix Mountain Root.mp3 7113862 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\23 Dialogue 3-10.mp3 384684 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy Bebop Limited Edition Boxed Set - CD 03\24 Blue.mp3 6029213 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04 0 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\01 Tank!.mp3 4823932 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\02 Rush.mp3 5052763 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\03 What Planet is This.mp3 5857872 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\04 Too Good Too Bad.mp3 3019926 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\05 Bad Dog No Biscuit.mp3 5419014 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\06 Call Me Call Me.mp3 6386586 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\07 Mushroom Hunting.mp3 4981200 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\08 The Real Folk Blues.mp3 7346329 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\09 Piano solo.mp3 9428279 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\10 Ask DNA.mp3 5837486 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\11 SF Game Center.mp3 1736268 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\12 Rouya.mp3 4363133 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy Bebop Limited Edition Boxed Set - CD 04\13 Old School Game.mp3 1289053 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_05 0 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_05\Cowboy Bebop Limited Edition Boxed Set - CD 05 0 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_05\Cowboy Bebop Limited Edition Boxed Set - CD 05\01 Sasurai no Cowboy (Tada Ed Aoi).mp3 3967656 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_05\Cowboy Bebop Limited Edition Boxed Set - CD 05\02 Miwaku no Horse Riding.mp3 3270191 bytes
File C:\Users\Verdius\Music\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_Scans\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_01\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_02\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_03\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_04\Cowboy_Bebop_Limited_Edition_Boxed_Set_-_CD_05\Cowboy Bebop Limited Edition Boxed Set - CD 05\03 Sasurai No Cowboy (Inu To Utau Karaoke).mp3 3984372 bytes
File C:\Windows\system32\DRIVERS\mouclass.sys suspicious modification
File C:\Windows\system32\drivers\nvstor.sys suspicious modification

---- EOF - GMER 1.0.15 ----


and the OTL ones

OTL logfile created on: 4/18/2010 8:58:56 PM - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Verdius\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 136.53 Gb Free Space | 47.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.60 Gb Free Space | 96.04% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNABELLE
Current User Name: Verdius
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/18 17:35:27 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Verdius\Desktop\OTL.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/26 12:52:10 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/24 15:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009/11/24 15:25:34 | 001,823,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Wacom_TabletUser.exe
PRC - [2009/04/11 02:28:15 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009/04/11 02:28:06 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 17:53:30 | 000,708,608 | ---- | M] (Autodesk Inc) -- C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/19 03:33:12 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (SafeList) ==========

MOD - [2010/04/18 17:35:27 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Verdius\Desktop\OTL.exe
MOD - [2009/04/11 02:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 20:44:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/06 16:20:02 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/24 15:25:34 | 004,463,400 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: "http://community.daw...2.com/main.php"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 00:01:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/16 22:57:16 | 000,000,000 | ---D | M]

[2009/02/18 03:20:16 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\Mozilla\Extensions
[2009/02/18 03:20:16 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/04/18 00:35:41 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\Mozilla\Firefox\Profiles\oa0ysrq3.default\extensions
[2010/04/16 07:38:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Verdius\AppData\Roaming\Mozilla\Firefox\Profiles\oa0ysrq3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/09 02:42:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/07/18 15:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nptgeqplugin.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/04/16 21:58:23 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Verdius\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Verdius\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/11/01 11:21:30 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/06/23 17:37:55 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/04/18 17:47:23 | 000,000,000 | ---D | C] -- C:\Users\Verdius\Desktop\Only the BEst
[2010/04/18 17:40:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/18 17:40:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/18 17:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/18 17:35:21 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Users\Verdius\Desktop\OTL.exe
[2010/04/18 17:33:36 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Verdius\Desktop\erunt_setup.exe
[2010/04/18 16:58:19 | 000,000,000 | ---D | C] -- C:\Users\Verdius\Desktop\FIX
[2010/04/18 05:10:24 | 000,000,000 | ---D | C] -- C:\Users\Verdius\Desktop\Steampunk
[2010/04/17 02:06:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/17 02:06:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/04/16 22:05:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/04/16 22:05:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/04/16 22:05:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/04/16 22:05:43 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/16 22:04:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/04/16 22:04:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/04/16 22:04:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/16 21:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/04/16 21:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/04/16 18:51:04 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/04/16 17:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/04/16 17:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/04/16 17:20:45 | 005,650,240 | ---- | C] (SurfRight B.V.) -- C:\Users\Verdius\Desktop\HitmanPro35.exe
[2010/04/15 17:35:59 | 000,064,160 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/04/15 17:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/04/15 17:23:58 | 000,000,000 | ---D | C] -- C:\Users\Verdius\AppData\Roaming\Malwarebytes
[2010/04/15 17:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/14 07:43:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/13 18:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/04/08 20:56:10 | 000,000,000 | ---D | C] -- C:\Users\Verdius\Desktop\Sketchpro
[2010/04/05 16:40:31 | 000,000,000 | ---D | C] -- C:\Users\Verdius\AppData\Roaming\WTablet
[2010/04/05 16:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\TabletPlugins
[2010/04/05 16:39:56 | 007,892,776 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\WacomTablet.cpl
[2010/04/05 16:39:22 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacommousefilter.sys
[2010/04/05 16:38:59 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacomvhid.sys
[2010/04/05 16:38:47 | 000,016,168 | ---- | C] (Wacom Technology) -- C:\Windows\System32\drivers\wacmoumonitor.sys
[2010/04/05 16:38:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\WTablet
[2010/04/05 16:38:43 | 000,285,184 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wintab32.dll
[2010/04/05 16:38:42 | 004,463,400 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
[2010/04/05 16:38:42 | 000,412,456 | ---- | C] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.dll
[2010/04/05 16:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[1 C:\Users\Verdius\Desktop\*.tmp files -> C:\Users\Verdius\Desktop\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/04/18 20:59:06 | 003,932,160 | -HS- | M] () -- C:\Users\Verdius\ntuser.dat
[2010/04/18 19:59:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/18 19:39:02 | 000,004,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 19:39:02 | 000,004,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/18 18:00:03 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/04/18 17:54:56 | 000,014,336 | ---- | M] () -- C:\Users\Verdius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/18 17:43:39 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/18 17:43:39 | 000,598,350 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/18 17:43:39 | 000,101,988 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/18 17:39:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/18 17:38:14 | 000,524,288 | -HS- | M] () -- C:\Users\Verdius\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/18 17:38:14 | 000,065,536 | -HS- | M] () -- C:\Users\Verdius\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/18 17:37:46 | 002,332,090 | -H-- | M] () -- C:\Users\Verdius\AppData\Local\IconCache.db
[2010/04/18 17:35:27 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Users\Verdius\Desktop\OTL.exe
[2010/04/18 17:34:46 | 000,284,915 | ---- | M] () -- C:\Users\Verdius\Desktop\gmer.zip
[2010/04/18 17:33:48 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Verdius\Desktop\erunt_setup.exe
[2010/04/18 17:02:50 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/04/18 15:34:11 | 000,002,032 | ---- | M] () -- C:\Users\Verdius\AppData\Local\d3d9caps.dat
[2010/04/18 02:28:39 | 000,010,265 | ---- | M] () -- C:\Users\Verdius\Desktop\1271570873906.png
[2010/04/18 02:23:49 | 000,823,594 | ---- | M] () -- C:\Users\Verdius\Desktop\1271568985427.png
[2010/04/18 02:02:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\File Helper.job
[2010/04/18 01:13:52 | 010,757,449 | ---- | M] () -- C:\Users\Verdius\Desktop\page0001.jpg
[2010/04/16 21:58:23 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/16 21:00:19 | 000,534,264 | ---- | M] () -- C:\Users\Verdius\Desktop\a6afd82da269.jpg
[2010/04/16 18:51:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2010/04/16 17:21:10 | 005,650,240 | ---- | M] (SurfRight B.V.) -- C:\Users\Verdius\Desktop\HitmanPro35.exe
[2010/04/15 17:36:30 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/04/15 12:16:55 | 000,034,360 | ---- | M] () -- C:\Windows\System32\drivers\mouclass.sys83BA0E68
[2010/04/15 07:51:36 | 003,932,160 | -HS- | M] () -- C:\Users\Verdius\ntuser.dat_previous
[2010/04/13 23:29:43 | 000,056,943 | ---- | M] () -- C:\Users\Verdius\Desktop\1271214907987.jpg
[2010/04/13 22:38:51 | 022,115,922 | ---- | M] () -- C:\Users\Verdius\Desktop\Battle Scene.ai
[2010/04/13 19:37:56 | 000,122,492 | ---- | M] () -- C:\Users\Verdius\Desktop\1271201743849.jpg
[2010/04/13 19:26:37 | 000,080,989 | ---- | M] () -- C:\Users\Verdius\Desktop\1271199130593.gif
[2010/04/13 19:25:51 | 000,111,523 | ---- | M] () -- C:\Users\Verdius\Desktop\1271198751248.png
[2010/04/13 19:23:46 | 000,033,340 | ---- | M] () -- C:\Users\Verdius\Desktop\1271200854160.png
[2010/04/13 00:07:29 | 000,147,651 | ---- | M] () -- C:\Users\Verdius\Desktop\1271131562176.jpg
[2010/04/12 23:57:16 | 000,088,580 | ---- | M] () -- C:\Users\Verdius\Desktop\1271130686890.jpg
[2010/04/12 01:56:00 | 000,047,283 | ---- | M] () -- C:\Users\Verdius\Desktop\1271051127208.jpg
[2010/04/12 01:55:06 | 000,094,833 | ---- | M] () -- C:\Users\Verdius\Desktop\1271050577471.gif
[2010/04/12 00:55:21 | 000,069,749 | ---- | M] () -- C:\Users\Verdius\Desktop\1271047671354.jpg
[2010/04/12 00:53:09 | 000,066,203 | ---- | M] () -- C:\Users\Verdius\Desktop\1271047362046.gif
[2010/04/12 00:52:26 | 000,202,410 | ---- | M] () -- C:\Users\Verdius\Desktop\1271046727522.png
[2010/04/12 00:51:09 | 000,523,171 | ---- | M] () -- C:\Users\Verdius\Desktop\1271046613904.jpg
[2010/04/11 22:30:57 | 002,369,220 | ---- | M] () -- C:\Users\Verdius\Desktop\SPACE MARINE LIFE.tif
[2010/04/11 22:20:30 | 000,061,775 | ---- | M] () -- C:\Users\Verdius\Desktop\1271038358730.jpg
[2010/04/11 21:02:49 | 000,179,723 | ---- | M] () -- C:\Users\Verdius\Desktop\1271033227641.jpg
[2010/04/11 20:16:44 | 001,202,653 | ---- | M] () -- C:\Users\Verdius\Desktop\1271031213791.png
[2010/04/11 20:16:22 | 000,231,268 | ---- | M] () -- C:\Users\Verdius\Desktop\1271028371786.jpg
[2010/04/11 19:55:36 | 000,384,043 | ---- | M] () -- C:\Users\Verdius\Desktop\1271029603847.jpg
[2010/04/11 19:39:43 | 001,849,303 | ---- | M] () -- C:\Users\Verdius\Desktop\1271029019900.jpg
[2010/04/11 19:39:15 | 000,239,507 | ---- | M] () -- C:\Users\Verdius\Desktop\1271028580276.jpg
[2010/04/11 19:38:40 | 000,944,308 | ---- | M] () -- C:\Users\Verdius\Desktop\1271029047794.jpg
[2010/04/11 19:38:35 | 000,324,979 | ---- | M] () -- C:\Users\Verdius\Desktop\1271028142948.jpg
[2010/04/11 18:33:40 | 000,113,070 | ---- | M] () -- C:\Users\Verdius\Desktop\1271025057869.jpg
[2010/04/09 23:12:21 | 002,498,873 | ---- | M] () -- C:\Users\Verdius\Desktop\Kabandha The Golden1.jpg
[2010/04/09 22:55:29 | 000,778,595 | ---- | M] () -- C:\Users\Verdius\Desktop\kombat_unit_Urdeshi_armor_Ref_by_torture_device.jpg
[2010/04/09 16:55:40 | 000,559,714 | ---- | M] () -- C:\Users\Verdius\Desktop\eths.jpg
[1 C:\Users\Verdius\Desktop\*.tmp files -> C:\Users\Verdius\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/18 17:51:23 | 000,293,376 | ---- | C] () -- C:\Users\Verdius\Desktop\gmer.exe
[2010/04/18 17:34:45 | 000,284,915 | ---- | C] () -- C:\Users\Verdius\Desktop\gmer.zip
[2010/04/18 02:28:39 | 000,010,265 | ---- | C] () -- C:\Users\Verdius\Desktop\1271570873906.png
[2010/04/18 02:23:47 | 000,823,594 | ---- | C] () -- C:\Users\Verdius\Desktop\1271568985427.png
[2010/04/18 02:20:30 | 010,757,449 | ---- | C] () -- C:\Users\Verdius\Desktop\page0001.jpg
[2010/04/16 22:05:54 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/04/16 22:05:53 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/04/16 22:05:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/04/16 22:05:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/04/16 22:05:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/04/16 21:00:18 | 000,534,264 | ---- | C] () -- C:\Users\Verdius\Desktop\a6afd82da269.jpg
[2010/04/16 17:40:11 | 000,015,944 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/04/15 17:36:30 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/04/15 12:16:55 | 000,034,360 | ---- | C] () -- C:\Windows\System32\drivers\mouclass.sys83BA0E68
[2010/04/13 23:29:42 | 000,056,943 | ---- | C] () -- C:\Users\Verdius\Desktop\1271214907987.jpg
[2010/04/13 19:37:56 | 000,122,492 | ---- | C] () -- C:\Users\Verdius\Desktop\1271201743849.jpg
[2010/04/13 19:26:37 | 000,080,989 | ---- | C] () -- C:\Users\Verdius\Desktop\1271199130593.gif
[2010/04/13 19:25:51 | 000,111,523 | ---- | C] () -- C:\Users\Verdius\Desktop\1271198751248.png
[2010/04/13 19:23:45 | 000,033,340 | ---- | C] () -- C:\Users\Verdius\Desktop\1271200854160.png
[2010/04/13 00:07:29 | 000,147,651 | ---- | C] () -- C:\Users\Verdius\Desktop\1271131562176.jpg
[2010/04/12 23:57:15 | 000,088,580 | ---- | C] () -- C:\Users\Verdius\Desktop\1271130686890.jpg
[2010/04/12 01:56:00 | 000,047,283 | ---- | C] () -- C:\Users\Verdius\Desktop\1271051127208.jpg
[2010/04/12 01:55:06 | 000,094,833 | ---- | C] () -- C:\Users\Verdius\Desktop\1271050577471.gif
[2010/04/12 00:55:20 | 000,069,749 | ---- | C] () -- C:\Users\Verdius\Desktop\1271047671354.jpg
[2010/04/12 00:53:09 | 000,066,203 | ---- | C] () -- C:\Users\Verdius\Desktop\1271047362046.gif
[2010/04/12 00:52:26 | 000,202,410 | ---- | C] () -- C:\Users\Verdius\Desktop\1271046727522.png
[2010/04/12 00:51:07 | 000,523,171 | ---- | C] () -- C:\Users\Verdius\Desktop\1271046613904.jpg
[2010/04/11 22:30:56 | 002,369,220 | ---- | C] () -- C:\Users\Verdius\Desktop\SPACE MARINE LIFE.tif
[2010/04/11 22:20:30 | 000,061,775 | ---- | C] () -- C:\Users\Verdius\Desktop\1271038358730.jpg
[2010/04/11 21:02:48 | 000,179,723 | ---- | C] () -- C:\Users\Verdius\Desktop\1271033227641.jpg
[2010/04/11 20:16:44 | 001,202,653 | ---- | C] () -- C:\Users\Verdius\Desktop\1271031213791.png
[2010/04/11 20:16:21 | 000,231,268 | ---- | C] () -- C:\Users\Verdius\Desktop\1271028371786.jpg
[2010/04/11 19:55:35 | 000,384,043 | ---- | C] () -- C:\Users\Verdius\Desktop\1271029603847.jpg
[2010/04/11 19:39:42 | 001,849,303 | ---- | C] () -- C:\Users\Verdius\Desktop\1271029019900.jpg
[2010/04/11 19:39:14 | 000,239,507 | ---- | C] () -- C:\Users\Verdius\Desktop\1271028580276.jpg
[2010/04/11 19:38:39 | 000,944,308 | ---- | C] () -- C:\Users\Verdius\Desktop\1271029047794.jpg
[2010/04/11 19:38:35 | 000,324,979 | ---- | C] () -- C:\Users\Verdius\Desktop\1271028142948.jpg
[2010/04/11 18:33:40 | 000,113,070 | ---- | C] () -- C:\Users\Verdius\Desktop\1271025057869.jpg
[2010/04/09 23:12:09 | 002,498,873 | ---- | C] () -- C:\Users\Verdius\Desktop\Kabandha The Golden1.jpg
[2010/04/09 22:55:28 | 000,778,595 | ---- | C] () -- C:\Users\Verdius\Desktop\kombat_unit_Urdeshi_armor_Ref_by_torture_device.jpg
[2010/04/09 17:46:06 | 000,559,714 | ---- | C] () -- C:\Users\Verdius\Desktop\eths.jpg
[2010/04/05 16:40:03 | 001,653,980 | ---- | C] () -- C:\Windows\System32\WacomTablet.znc
[2010/04/05 16:38:33 | 000,000,112 | ---- | C] () -- C:\Windows\System32\WacomTabletUserDefaults.xml
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/09/18 07:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/16 16:30:35 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/22 09:48:04 | 000,002,032 | ---- | C] () -- C:\Users\Verdius\AppData\Local\d3d9caps.dat
[2009/01/10 16:52:19 | 000,006,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/03 22:51:05 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{bb4047e7-61a6-11dd-9155-00188b5fd067}.TMContainer00000000000000000002.regtrans-ms
[2008/08/03 22:51:05 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{bb4047e7-61a6-11dd-9155-00188b5fd067}.TMContainer00000000000000000001.regtrans-ms
[2008/08/03 22:51:05 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{bb4047e7-61a6-11dd-9155-00188b5fd067}.TM.blf
[2008/08/03 22:51:04 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{bb4047d4-61a6-11dd-9155-00188b5fd067}.TMContainer00000000000000000002.regtrans-ms
[2008/08/03 22:51:04 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{bb4047d4-61a6-11dd-9155-00188b5fd067}.TMContainer00000000000000000001.regtrans-ms
[2008/08/03 22:51:04 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{bb4047d4-61a6-11dd-9155-00188b5fd067}.TM.blf
[2008/08/03 22:51:03 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2008/08/03 22:51:03 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2008/08/03 22:51:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2008/07/03 14:32:04 | 000,262,144 | -H-- | C] () -- C:\Users\Verdius\NTUSER.DAT.COPY.TMP.LOG1
[2008/07/03 14:32:04 | 000,000,000 | -H-- | C] () -- C:\Users\Verdius\NTUSER.DAT.COPY.TMP.LOG2
[2008/06/25 03:39:58 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/06/23 05:43:50 | 000,014,336 | ---- | C] () -- C:\Users\Verdius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/23 00:21:25 | 000,000,020 | -HS- | C] () -- C:\Users\Verdius\ntuser.ini
[2008/06/23 00:21:24 | 003,932,160 | -HS- | C] () -- C:\Users\Verdius\ntuser.dat_previous
[2008/06/23 00:21:24 | 003,932,160 | -HS- | C] () -- C:\Users\Verdius\ntuser.dat
[2008/06/23 00:21:24 | 000,524,288 | -HS- | C] () -- C:\Users\Verdius\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008/06/23 00:21:24 | 000,524,288 | -HS- | C] () -- C:\Users\Verdius\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008/06/23 00:21:24 | 000,262,144 | -H-- | C] () -- C:\Users\Verdius\ntuser.dat.LOG1
[2008/06/23 00:21:24 | 000,065,536 | -HS- | C] () -- C:\Users\Verdius\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008/06/23 00:21:24 | 000,000,000 | -H-- | C] () -- C:\Users\Verdius\ntuser.dat.LOG2
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2008/06/23 01:08:02 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\acccore
[2010/03/26 17:37:16 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\Autodesk
[2010/04/15 07:51:04 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\BitTorrent
[2008/12/16 15:27:34 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\DelinvFile
[2009/10/25 20:32:34 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\DNA
[2008/12/14 12:43:27 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\FileZilla
[2008/08/10 22:58:00 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\ICQ
[2009/04/15 09:37:40 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\Kingston
[2009/11/08 20:56:31 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\LimeWire
[2008/10/07 23:13:08 | 000,000,000 | ---D | M] -- C:\Users\Verdius\AppData\Roaming\MusicNet
[2010/04/15 17:36:30 | 000,000,458 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/04/18 02:02:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\File Helper.job
[2010/04/18 18:00:03 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010/04/18 17:37:53 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/06/23 01:39:45 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/06/23 01:39:45 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/06/23 01:39:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008/01/19 03:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008/01/19 03:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2007/01/06 00:59:34 | 000,086,096 | ---- | M] (NVIDIA Corporation) MD5=6F785DB62A6D8F3FAFD3E5695277E849 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2007/01/06 01:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Drivers\system\r148912\nvstor.sys
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2007/01/06 00:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/18 17:02:50 | 000,015,944 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/15 12:16:55 | 000,034,360 | ---- | M] () -- C:\Windows\System32\drivers\mouclass.sys83BA0E68
[2010/04/15 12:39:52 | 000,034,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mouclass.sys
[2010/02/23 07:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 07:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 07:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/04/03 12:49:09 | 000,138,384 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/02/18 10:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 07:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 489 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:0CE7F3C9
< End of report >


OTL Extras logfile created on: 4/18/2010 8:58:56 PM - Run 1
OTL by OldTimer - Version 3.2.1.2 Folder = C:\Users\Verdius\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 136.53 Gb Free Space | 47.40% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 9.60 Gb Free Space | 96.04% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANNABELLE
Current User Name: Verdius
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BBAA54-C2E1-4BA6-859F-A32456E3039D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{13D0A9BE-16FF-4EC0-AABB-737E51A17CF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{1981E740-6333-4AFA-A3E9-2C450147E7B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{60548643-25ED-4181-9110-48F6CD30C60D}" = rport=138 | protocol=17 | dir=out | app=system |
"{68DD60DE-CC5E-44FE-BEC4-A1DDBC737BE6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7D884389-3A91-417C-93F2-5EE8117AAF63}" = rport=139 | protocol=6 | dir=out | app=system |
"{A006C9AB-E376-46B4-9760-A298B3D11FE1}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{A6C61689-203A-4834-BB6F-38F515D3ECDA}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{A7945DA5-7C86-455E-BA63-2354B8CEBDFD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BF217BDE-1292-4CC1-8A10-04DF0D9D9EE6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C2D9A8EF-A37C-4350-8776-4B13B9D76298}" = lport=137 | protocol=17 | dir=in | app=system |
"{CCA2D4C7-377C-45A5-BE33-BB23717F37C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{CEFCCCA4-1ADE-400D-AF1E-4D68979ACB2D}" = lport=445 | protocol=6 | dir=in | app=system |
"{D401B27D-934E-4F38-A2CF-EE1281A81C19}" = lport=139 | protocol=6 | dir=in | app=system |
"{D41706B4-754C-42C6-8229-B55E9AEE88CD}" = rport=445 | protocol=6 | dir=out | app=system |
"{D74FC421-A116-47EF-8DDA-931D1C2FA99E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E68315CF-B213-479B-86B9-243116E2698A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00217151-DBAA-44B9-A605-5B90E9467C8E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{09278C3E-EDF4-4397-95A9-8411FB45F898}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{0A6C91B2-F3DF-41C0-89DB-4C6461ACF6BE}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{15317CD2-F4C3-4C65-938F-DFDA34E2A7CB}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{1815734A-BBB5-4BC7-8C9A-0D8E2178B7FB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{1C40101B-7CA2-4CD0-BCC4-6BEB881E47B8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{223F82CF-B6CF-4F87-B149-7785AB96AE7B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
"{22AA8D57-A79F-40B3-836E-D97C128B18B2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{27A13C1F-D3D8-48CF-9F09-D4D46E2B3F5A}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{2BA6D939-CCBE-4DCD-BC12-3C7C74CE9794}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{2CBFF054-4282-4707-9C8D-B90926983879}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{2D56A4AA-10E4-4C8E-B054-AFB3BD3788D2}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{39770461-E370-4C16-9C9C-FD723E093382}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{46190A88-F403-4BDC-9A99-9BCDEDDEFEF9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"{5301C5D8-A5CE-43AD-BC9C-E88C2166E989}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{62C70B7D-1FD1-4CD9-947B-1B805E2F0D78}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{6664F95E-7C18-4F96-AE61-116A03D6C0FF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{755B9399-B5E2-44F5-B9AA-633AB285F106}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{768984F3-FFF9-4919-AFC4-E1627D7B8F1A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\dow2.exe |
"{8C33FD5D-9F3F-4356-BF87-9B49C4C003C8}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{8D73D9E5-C12C-4983-8DB6-82EEB432AC5E}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{8E3855BB-724B-4C9F-9A66-AF1682115E57}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{92E1F87B-75CA-4E9D-A63A-B7D07BF14271}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{95F87ECB-F65E-4F21-BE16-750D7489E88D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{97E31C44-CAB4-4555-83B0-698D1875078C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{9824D77B-741F-450E-B8FB-BFFF6BA864E6}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{A191763E-11F8-458A-83A8-2BEF716409FF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp.exe |
"{A480CBBF-874D-4455-905A-92837C6D3472}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{A5BD1DEE-48AF-46C4-8F00-68B54FC56CE9}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{A9BC3A37-EA1C-4365-A5AA-6D3BE01D0268}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B1F8D4C3-7FC1-462E-937F-ED14C0BF1DBE}" = protocol=6 | dir=in | app=c:\program files\thq\darkcrusade\darkcrusade.exe |
"{B9C291FE-0988-4CE0-8B35-62B50DB49869}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{C7524F54-2128-42A6-8152-36A97524AD40}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{D92014AD-0006-4B69-997C-9A65E5C8EDBE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E4622B49-CC35-4F1B-9032-05B7E6BF280C}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{E4653C64-7C3B-49F0-9079-2BFA098144D1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{E5FE7C4D-19D9-4661-942F-2436CDFCD0F1}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{EE3930D0-5987-481C-A6D6-2E7EF05F1746}" = protocol=17 | dir=in | app=c:\program files\thq\darkcrusade\darkcrusade.exe |
"{EF7705EA-6C64-499D-9EAE-F0C2480517EB}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{F2CF2C2D-E6DB-4292-8536-A19D128C70A8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{F31A40C3-8D85-40DA-A3E2-8069D74DA31F}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{F3E3BD9A-9593-4DC0-9311-4D1640AF6609}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"{F4927AE7-3689-4A57-AA6F-85A35A243A0F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{FD6A887E-7D7C-43CA-9AC1-EDC18C0DEAFF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war soulstorm\soulstorm.exe |
"TCP Query User{312E9C21-4BA5-41EB-8C35-F726A20F7D21}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{396DB234-557E-45AB-8A70-C78DB2C98792}C:\users\verdius\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\verdius\program files\dna\btdna.exe |
"TCP Query User{3E8C00FD-4768-45FD-9D1E-18A017AFED70}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"TCP Query User{4F0C0363-0EFC-4A43-8331-2633094911E7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{662BE50B-10DB-4E88-9700-9F75D7D297F3}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{ED89A479-09D8-4595-A0FC-469B8AB8791C}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{0209F233-F4B2-49EC-92C7-9BE2A67AA5A2}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{0F4A3467-55BD-49DB-8CFC-0739F458AEBC}C:\program files\steam\steamapps\common\dawn of war 2\dow2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"UDP Query User{351CBCA3-C361-4366-8D0A-B3B7C15C6E75}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{5573EE23-9131-4AA8-ACE4-8E79158D98E6}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"UDP Query User{BAB77C2B-F750-4797-AD69-D2B91A282F37}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{DECBC913-2848-45C7-ACF0-08A769123DB8}C:\users\verdius\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\verdius\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32F27FAA-60D1-4EC3-8502-51AEC72BF50F}" = DarkCrusade
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8F99E711-CE74-4718-BE04-19D1A53A735C}" = Warhammer 40,000: Dawn Of War - Platinum Edition
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8236DB8-CF1E-476B-A718-0ADBDBD97863}" = Autodesk SketchBookPro 2010
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"AIM_6" = AIM 6
"AIMCustomEmoticons" = AIMCustomEmoticons
"AudioConverter Studio_is1" = AudioConverter Studio 5.9
"CamStudio" = CamStudio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dawn of Skirmish AI Project" = Dawn of Skirmish SS AI 3.2
"DelinvFile_is1" = DelinvFile - 3.03
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ExtractNow_is1" = ExtractNow
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"PROPLUSR" = Microsoft Office Professional Plus 2007
"PROR" = Microsoft Office Professional 2007 Trial
"RealPlayer 12.0" = RealPlayer
"Steam App 10680" = Aliens vs Predator
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 20570" = Warhammer 40,000: Dawn of War II - Chaos Rising
"Steam App 9450" = Dawn of War: Soulstorm
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/18/2010 4:50:16 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/18/2010 4:51:16 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/18/2010 4:52:16 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/18/2010 4:53:16 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/18/2010 4:54:16 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/18/2010 4:55:16 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/18/2010 4:56:16 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/18/2010 4:57:16 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/18/2010 4:58:17 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

Error - 4/18/2010 4:59:17 PM | Computer Name = Annabelle | Source = SDWinSec.exe | ID = 0
Description =

[ OSession Events ]
Error - 8/13/2009 10:56:39 PM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/13/2009 10:56:41 PM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/5/2009 11:46:32 PM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/20/2009 3:29:20 AM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/6/2009 3:09:10 AM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/6/2009 8:52:05 PM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/7/2009 11:35:34 PM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/8/2009 9:48:48 PM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/11/2009 2:30:06 AM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/13/2009 12:25:02 AM | Computer Name = Annabelle | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/18/2010 5:24:47 PM | Computer Name = Annabelle | Source = HTTP | ID = 15021
Description =

Error - 4/18/2010 5:39:05 PM | Computer Name = Annabelle | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL server credential
private key. The error code returned from the cryptographic module is 0x80090011.

Error - 4/18/2010 5:39:05 PM | Computer Name = Annabelle | Source = Schannel | ID = 36870
Description = A fatal error occurred when attempting to access the SSL server credential
private key. The error code returned from the cryptographic module is 0x8009030d.

Error - 4/18/2010 5:39:05 PM | Computer Name = Annabelle | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 4/18/2010 5:39:05 PM | Computer Name = Annabelle | Source = HTTP | ID = 15021
Description =

Error - 4/18/2010 5:39:05 PM | Computer Name = Annabelle | Source = HTTP | ID = 15021
Description =

Error - 4/18/2010 5:39:05 PM | Computer Name = Annabelle | Source = HTTP | ID = 15021
Description =

Error - 4/18/2010 5:39:05 PM | Computer Name = Annabelle | Source = HTTP | ID = 15021
Description =

Error - 4/18/2010 5:39:05 PM | Computer Name = Annabelle | Source = HTTP | ID = 15021
Description =

Error - 4/18/2010 5:39:05 PM | Computer Name = Annabelle | Source = HTTP | ID = 15021
Description =


< End of report >


#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply. Just Paste it in - don't use the quote feature.

Re-activate your protection programs at this time.

Ron

#5
Verdius
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here it is then, sans quotes.

ComboFix 10-04-17.07 - Verdius 04/19/2010 2:38.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1780 [GMT -4:00]
Running from: c:\users\Verdius\Desktop\Geroge.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\-{SUMOTorrent.pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\-=[SUMOTorrent.pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\(SUMOTorrent.com)_Disgraced18_-_Faye_Reagan_(redhead_freckles_puffy_nipples).pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\=[SUMOTorrent.com]=_Disgraced_18_-_Riley_Rey.pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\=[SUMOTorrent.pif
c:\users\Verdius\AppData\Roaming\Microsoft\Windows\Recent\o{SUMOTorrent.pif
c:\windows\system32\AutoRun.inf
c:\windows\system32\reboot.txt

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
.
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\tIM_2\AppData\Local\temp
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\Tim\AppData\Local\temp
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 06:46 . 2010-04-19 06:46 -------- d-----w- c:\users\Che\AppData\Local\temp
2010-04-19 06:17 . 2010-04-19 06:17 28880 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53F456AA-660D-4B28-BB28-054B6D3D8D4C}\MpKslf493949b.sys
2010-04-18 21:40 . 2010-04-18 21:40 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-18 21:40 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 21:40 . 2010-04-18 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 21:40 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 06:06 . 2010-04-17 06:06 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-17 02:04 . 2010-04-17 02:04 318976 ----a-w- c:\windows\system32\CF13612.exe
2010-04-17 01:24 . 2010-04-17 01:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-17 01:24 . 2010-04-17 01:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 22:51 . 2010-04-16 22:51 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-16 21:40 . 2010-04-18 21:02 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-16 21:21 . 2010-04-16 22:51 -------- d-----w- c:\programdata\Hitman Pro
2010-04-16 21:21 . 2010-04-16 21:21 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-15 21:35 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-15 21:33 . 2010-04-17 06:06 -------- d-----w- c:\programdata\Lavasoft
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\users\Verdius\AppData\Roaming\Malwarebytes
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\programdata\Malwarebytes
2010-04-15 21:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 21:19 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 21:18 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 21:18 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 21:18 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 21:18 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 21:18 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 21:18 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 21:18 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 21:18 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 21:18 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- c:\windows\Sun
2010-04-13 22:53 . 2010-04-13 22:53 -------- d-----w- c:\program files\Adobe Media Player
2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- c:\users\tIM_2\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-18 21:39 -------- d-----w- c:\users\Verdius\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-05 20:40 -------- d-----w- c:\program files\TabletPlugins
2010-04-05 20:39 . 2007-02-16 18:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-04-05 20:38 . 2009-05-20 18:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-04-05 20:38 . 2009-08-27 22:06 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2010-04-05 20:38 . 2010-04-05 20:38 -------- d-----w- c:\windows\system32\WTablet
2010-04-05 20:38 . 2009-11-24 19:20 285184 ------w- c:\windows\system32\Wintab32.dll
2010-04-05 20:38 . 2009-11-24 19:25 4463400 ------w- c:\windows\system32\Wacom_Tablet.exe
2010-04-05 20:38 . 2009-11-24 19:25 412456 ------w- c:\windows\system32\Wacom_Tablet.dll
2010-04-05 20:38 . 2010-04-05 20:39 -------- d-----w- c:\program files\Tablet
2010-03-31 19:31 . 2010-03-31 19:31 -------- d-----w- c:\users\tIM_2\AppData\Roaming\Autodesk
2010-03-31 06:06 . 2010-04-15 11:51 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-31 06:06 . 2010-03-31 06:07 -------- d-----w- c:\users\Verdius\AppData\Roaming\Yahoo!
2010-03-31 06:05 . 2010-04-15 11:29 -------- d-----w- c:\programdata\Yahoo!
2010-03-31 06:05 . 2009-12-14 21:52 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
2010-03-31 06:05 . 2010-04-15 11:52 -------- d-----w- c:\program files\Yahoo!
2010-03-31 02:36 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 02:36 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-28 19:12 . 2010-03-28 19:12 -------- d-----w- c:\users\Tim\AppData\Roaming\Autodesk
2010-03-28 07:17 . 2010-03-28 07:17 -------- d-----w- c:\users\Verdius\AppData\Local\Apps
2010-03-26 21:37 . 2010-03-26 21:37 -------- d-----w- c:\users\Verdius\AppData\Roaming\Autodesk
2010-03-26 21:37 . 2010-03-28 10:03 -------- d-----w- c:\programdata\Alias
2010-03-26 21:36 . 2010-03-26 21:36 -------- d-----w- c:\program files\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 19:34 . 2009-01-22 13:48 2032 ----a-w- c:\users\Verdius\AppData\Local\d3d9caps.dat
2010-04-17 02:57 . 2008-08-18 00:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 03:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 03:08 . 2008-09-07 19:04 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 16:39 . 2008-06-23 20:58 34360 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-15 16:16 . 2010-04-15 16:16 34360 ------w- c:\windows\system32\drivers\mouclass.sys83BA0E68
2010-04-15 11:51 . 2010-03-20 02:54 -------- d-----w- c:\programdata\FLEXnet
2010-04-15 11:51 . 2008-09-30 15:16 -------- d-----w- c:\users\Verdius\AppData\Roaming\BitTorrent
2010-04-12 17:12 . 2009-01-15 22:01 -------- d-----w- c:\program files\Steam
2010-04-09 04:26 . 2010-03-07 19:26 439816 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-03 16:49 . 2008-06-25 07:39 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-03 16:48 . 2008-06-25 07:39 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-31 19:31 . 2009-11-02 22:33 375384 ----a-w- c:\users\tIM_2\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-26 21:35 . 2008-06-23 05:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 00:51 . 2008-07-12 19:19 375384 ----a-w- c:\users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 02:54 . 2008-06-23 04:22 375384 ----a-w- c:\users\Verdius\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 01:02 . 2010-03-20 01:02 -------- d-----w- c:\programdata\ALM
2010-03-20 00:50 . 2010-03-20 00:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-20 00:44 . 2010-03-20 00:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-15 18:08 . 2010-03-15 18:08 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-15 17:59 . 2008-06-23 04:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-08 22:26 . 2009-11-21 00:45 375384 ----a-w- c:\users\Che\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 03:26 . 2010-03-08 03:26 118784 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 21:58 . 2009-01-15 22:01 -------- d-----w- c:\program files\Common Files\Steam
2010-02-24 14:16 . 2010-01-29 22:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-11 06:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 06:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 06:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 22:24 . 2010-02-19 22:24 1105920 ----a-w- c:\users\Verdius\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 03:38 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 03:38 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 03:38 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 03:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-21 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-21 92704]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:13 323392 ----a-w- c:\users\Verdius\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-26 16:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e0,35,1c,30,bc,3c,ca,01

R1 dqmqshem;dqmqshem;c:\windows\system32\drivers\dqmqshem.sys [x]
R1 ereuaokm;ereuaokm;c:\windows\system32\drivers\ereuaokm.sys [x]
R1 ghuerudh;ghuerudh;c:\windows\system32\drivers\ghuerudh.sys [x]
R1 hgrcnoaj;hgrcnoaj;c:\windows\system32\drivers\hgrcnoaj.sys [x]
R1 hufuwvhk;hufuwvhk;c:\windows\system32\drivers\hufuwvhk.sys [x]
R1 jjcljqim;jjcljqim;c:\windows\system32\drivers\jjcljqim.sys [x]
R1 MpKslafef8144;MpKslafef8144;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD7F9161-8B74-463A-AD82-0F9D53061F2A}\MpKslafef8144.sys [x]
R1 ubkwsltt;ubkwsltt;c:\windows\system32\drivers\ubkwsltt.sys [x]
R1 xmzmpyae;xmzmpyae;c:\windows\system32\drivers\xmzmpyae.sys [x]
R1 ynezzbhl;ynezzbhl;c:\windows\system32\drivers\ynezzbhl.sys [x]
R1 ywfrwohr;ywfrwohr;c:\windows\system32\drivers\ywfrwohr.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S1 MpKslf493949b;MpKslf493949b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53F456AA-660D-4B28-BB28-054B6D3D8D4C}\MpKslf493949b.sys [2010-04-19 28880]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - FWLYAPOW
*NewlyCreated* - MPKSLF493949B
*Deregistered* - fwlyapow

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Verdius\AppData\Roaming\Mozilla\Firefox\Profiles\oa0ysrq3.default\
FF - prefs.js: browser.startup.homepage - hxxp://community.dawnofwar2.com/main.php
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Verdius\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 02:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0xC500BAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xc8d9dd24
\Driver\ACPI -> acpi.sys @ 0xc860ad68
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*e*t*@*ãV0W»Y2*¯rU0Œ0_0JŒ€nŸqsY_0a0\OpenWithList]
@Class="Shell"

[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0C87770-EEF6-772A-CCF4-3F5237EEC976}*]
"hahljmcbalfgphip"=hex:6a,61,6f,69,69,6b,6b,66,66,67,61,62,69,6e,6a,62,69,68,
66,64,00,00
"ianlhljdeccmgfgglk"=hex:6a,61,6f,69,69,6b,6b,66,63,67,66,61,62,66,61,6e,69,64,
6a,68,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-19 02:51:59
ComboFix-quarantined-files.txt 2010-04-19 06:51

Pre-Run: 149,741,686,784 bytes free
Post-Run: 149,743,886,336 bytes free

- - End Of File - - A63D32DBEB9EBDEF9A326680C1EBF6E0

#6
RKinner
    Malware Expert
  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common

File::
c:\windows\system32\drivers\dqmqshem.sys
c:\windows\system32\drivers\ereuaokm.sys
c:\windows\system32\drivers\ghuerudh.sys
c:\windows\system32\drivers\hgrcnoaj.sys
c:\windows\system32\drivers\hufuwvhk.sys
c:\windows\system32\drivers\jjcljqim.sys
c:\windows\system32\drivers\ubkwsltt.sys
c:\windows\system32\drivers\xmzmpyae.sys
c:\windows\system32\drivers\ynezzbhl.sys
c:\windows\system32\drivers\ywfrwohr.sys
c:\windows\system32\drivers\fwlyapow.sys


Driver::
dqmqshem
ereuaokm
ghuerudh
hgrcnoaj
hufuwvhk
jjcljqim
ubkwsltt
xmzmpyae
ynezzbhl
ywfrwohr
fwlyapow

RegNull::
[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*e*t*@*ãV0W»Y2*¯rU0Œ0_0JŒ€nŸqsY_0a0\OpenWithList]
[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0C87770-EEF6-772A-CCF4-3F5237EEC976}*]


RegLock::
[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.net@ãV0W»Y2¯rU0Œ0_0JŒ€nŸqsY_0a0\OpenWithList]
[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0C87770-EEF6-772A-CCF4-3F5237EEC976}]

Registry::
[-HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.net@ãV0W»Y2¯rU0Œ0_0JŒ€nŸqsY_0a0\OpenWithList]
[-HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E0C87770-EEF6-772A-CCF4-3F5237EEC976}]


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.
Pause your anti-virus!
Drag it over to george and let it start as before.
After it finishes re-enable your anti-virus.

Post the new log.

Ron

#7
Verdius
    New Member
  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 10-04-18.04 - Verdius 04/19/2010 14:15:06.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2289 [GMT -4:00]
Running from: c:\users\Verdius\Desktop\Geroge.exe
Command switches used :: c:\users\Verdius\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\dqmqshem.sys"
"c:\windows\system32\drivers\ereuaokm.sys"
"c:\windows\system32\drivers\fwlyapow.sys"
"c:\windows\system32\drivers\ghuerudh.sys"
"c:\windows\system32\drivers\hgrcnoaj.sys"
"c:\windows\system32\drivers\hufuwvhk.sys"
"c:\windows\system32\drivers\jjcljqim.sys"
"c:\windows\system32\drivers\ubkwsltt.sys"
"c:\windows\system32\drivers\xmzmpyae.sys"
"c:\windows\system32\drivers\ynezzbhl.sys"
"c:\windows\system32\drivers\ywfrwohr.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FWLYAPOW
-------\Service_dqmqshem
-------\Service_ereuaokm
-------\Service_ghuerudh
-------\Service_hgrcnoaj
-------\Service_hufuwvhk
-------\Service_jjcljqim
-------\Service_ubkwsltt
-------\Service_xmzmpyae
-------\Service_ynezzbhl
-------\Service_ywfrwohr


((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\tIM_2\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\Tim\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\Che\AppData\Local\temp
2010-04-18 21:40 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 21:40 . 2010-04-18 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 21:40 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 06:06 . 2010-04-17 06:06 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-17 02:04 . 2010-04-17 02:04 318976 ----a-w- c:\windows\system32\CF13612.exe
2010-04-17 01:24 . 2010-04-17 01:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-17 01:24 . 2010-04-17 01:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 22:51 . 2010-04-16 22:51 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-16 21:40 . 2010-04-18 21:02 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-16 21:21 . 2010-04-16 22:51 -------- d-----w- c:\programdata\Hitman Pro
2010-04-16 21:21 . 2010-04-16 21:21 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-15 21:35 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-15 21:33 . 2010-04-17 06:06 -------- d-----w- c:\programdata\Lavasoft
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\users\Verdius\AppData\Roaming\Malwarebytes
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\programdata\Malwarebytes
2010-04-15 21:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 21:19 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 21:18 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 21:18 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 21:18 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 21:18 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 21:18 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 21:18 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 21:18 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 21:18 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 21:18 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- c:\windows\Sun
2010-04-13 22:53 . 2010-04-13 22:53 -------- d-----w- c:\program files\Adobe Media Player
2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- c:\users\tIM_2\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-19 18:23 -------- d-----w- c:\users\Verdius\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-05 20:40 -------- d-----w- c:\program files\TabletPlugins
2010-04-05 20:39 . 2007-02-16 18:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-04-05 20:38 . 2009-05-20 18:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-04-05 20:38 . 2009-08-27 22:06 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2010-04-05 20:38 . 2010-04-05 20:38 -------- d-----w- c:\windows\system32\WTablet
2010-04-05 20:38 . 2009-11-24 19:20 285184 ------w- c:\windows\system32\Wintab32.dll
2010-04-05 20:38 . 2009-11-24 19:25 4463400 ------w- c:\windows\system32\Wacom_Tablet.exe
2010-04-05 20:38 . 2009-11-24 19:25 412456 ------w- c:\windows\system32\Wacom_Tablet.dll
2010-04-05 20:38 . 2010-04-05 20:39 -------- d-----w- c:\program files\Tablet
2010-03-31 19:31 . 2010-03-31 19:31 -------- d-----w- c:\users\tIM_2\AppData\Roaming\Autodesk
2010-03-31 06:06 . 2010-04-15 11:51 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-31 06:06 . 2010-03-31 06:07 -------- d-----w- c:\users\Verdius\AppData\Roaming\Yahoo!
2010-03-31 06:05 . 2010-04-15 11:29 -------- d-----w- c:\programdata\Yahoo!
2010-03-31 06:05 . 2010-04-15 11:52 -------- d-----w- c:\program files\Yahoo!
2010-03-31 02:36 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 02:36 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-28 19:12 . 2010-03-28 19:12 -------- d-----w- c:\users\Tim\AppData\Roaming\Autodesk
2010-03-28 07:17 . 2010-03-28 07:17 -------- d-----w- c:\users\Verdius\AppData\Local\Apps
2010-03-26 21:37 . 2010-03-26 21:37 -------- d-----w- c:\users\Verdius\AppData\Roaming\Autodesk
2010-03-26 21:37 . 2010-03-28 10:03 -------- d-----w- c:\programdata\Alias
2010-03-26 21:36 . 2010-03-26 21:36 -------- d-----w- c:\program files\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 21:40 . 2010-04-18 21:40 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-18 19:34 . 2009-01-22 13:48 2032 ----a-w- c:\users\Verdius\AppData\Local\d3d9caps.dat
2010-04-17 02:57 . 2008-08-18 00:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 03:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 03:08 . 2008-09-07 19:04 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 16:39 . 2008-06-23 20:58 34360 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-15 16:16 . 2010-04-15 16:16 34360 ------w- c:\windows\system32\drivers\mouclass.sys83BA0E68
2010-04-15 11:51 . 2010-03-20 02:54 -------- d-----w- c:\programdata\FLEXnet
2010-04-15 11:51 . 2008-09-30 15:16 -------- d-----w- c:\users\Verdius\AppData\Roaming\BitTorrent
2010-04-12 17:12 . 2009-01-15 22:01 -------- d-----w- c:\program files\Steam
2010-04-09 04:26 . 2010-03-07 19:26 439816 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-03 16:49 . 2008-06-25 07:39 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-03 16:48 . 2008-06-25 07:39 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-31 19:31 . 2009-11-02 22:33 375384 ----a-w- c:\users\tIM_2\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-26 21:35 . 2008-06-23 05:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 00:51 . 2008-07-12 19:19 375384 ----a-w- c:\users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 02:54 . 2008-06-23 04:22 375384 ----a-w- c:\users\Verdius\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 01:02 . 2010-03-20 01:02 -------- d-----w- c:\programdata\ALM
2010-03-20 00:50 . 2010-03-20 00:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-20 00:44 . 2010-03-20 00:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-15 18:08 . 2010-03-15 18:08 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-15 17:59 . 2008-06-23 04:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-08 22:26 . 2009-11-21 00:45 375384 ----a-w- c:\users\Che\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 03:26 . 2010-03-08 03:26 118784 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 21:58 . 2009-01-15 22:01 -------- d-----w- c:\program files\Common Files\Steam
2010-02-24 14:16 . 2010-01-29 22:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-11 06:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 06:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 06:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 22:24 . 2010-02-19 22:24 1105920 ----a-w- c:\users\Verdius\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 03:38 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 03:38 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 03:38 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 03:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-21 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-21 92704]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:13 323392 ----a-w- c:\users\Verdius\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-26 16:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e0,35,1c,30,bc,3c,ca,01

R1 MpKslafef8144;MpKslafef8144;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD7F9161-8B74-463A-AD82-0F9D53061F2A}\MpKslafef8144.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Verdius\AppData\Roaming\Mozilla\Firefox\Profiles\oa0ysrq3.default\
FF - prefs.js: browser.startup.homepage - hxxp://community.dawnofwar2.com/main.php
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Verdius\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 14:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Verdius\AppData\Local\Temp\CabA775.tmp 30313 bytes
c:\users\Verdius\AppData\Local\Temp\TarA776.tmp 78165 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*e*t*@*ãV0W»Y2*¯rU0Œ0_0JŒ€nŸqsY_0a0\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-04-19 14:30:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 18:30
ComboFix2.txt 2010-04-19 06:52

Pre-Run: 150,062,518,272 bytes free
Post-Run: 149,893,152,768 bytes free

- - End Of File - - 8F4627063210F1088E2387D37DA4BC70
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Looking a lot better now. Are you still getting redirected?

This last combofix run left three items.

Two hidden files

c:\users\Verdius\AppData\Local\Temp\CabA775.tmp 30313 bytes
c:\users\Verdius\AppData\Local\Temp\TarA776.tmp 78165 bytes

and a LOCKED REGISTRY KEY

[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*e*t*@*ãV0W»Y2*¯rU0Œ0_0JŒ€nŸqsY_0a0\OpenWithList]
@Class="Shell"

You can try and delete them manually or we can try another CFScript with combofix.

*******************************************************

Killall:

File::
c:\users\Verdius\AppData\Local\Temp\CabA775.tmp
c:\users\Verdius\AppData\Local\Temp\TarA776.tmp

RegNull::
[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*e*t*@*ãV0W»Y2*¯rU0Œ0_0JŒ€nŸqsY_0a0

RegLock::
[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.net@ãV0W»Y2¯rU0Œ0_0JŒ€nŸqsY_0a0

Registry::
[-HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.net@ãV0W»Y2¯rU0Œ0_0JŒ€nŸqsY_0a0

*************************************************************************************

Not really sure what the line does. I think it's only for one user and only if he right clicks on a .net file. May not hurt anything to leave it.

Ron
  • 0

#9
Verdius

Verdius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
It's working perfectly fine now. Fantastic! Thank you so much for your help this far.

Would you recommend continuing with trying to remove those other items however?
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Please create the cfscript and drag it onto combofix(george). It's not a good idea to leave hidden files and this should remove them. If it doesn't get the registry entry this time we can let that stay.

Ron
  • 0

#11
Verdius

Verdius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 10-04-18.04 - Verdius 04/19/2010 14:15:06.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2289 [GMT -4:00]
Running from: c:\users\Verdius\Desktop\Geroge.exe
Command switches used :: c:\users\Verdius\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\dqmqshem.sys"
"c:\windows\system32\drivers\ereuaokm.sys"
"c:\windows\system32\drivers\fwlyapow.sys"
"c:\windows\system32\drivers\ghuerudh.sys"
"c:\windows\system32\drivers\hgrcnoaj.sys"
"c:\windows\system32\drivers\hufuwvhk.sys"
"c:\windows\system32\drivers\jjcljqim.sys"
"c:\windows\system32\drivers\ubkwsltt.sys"
"c:\windows\system32\drivers\xmzmpyae.sys"
"c:\windows\system32\drivers\ynezzbhl.sys"
"c:\windows\system32\drivers\ywfrwohr.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\mouclass.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FWLYAPOW
-------\Service_dqmqshem
-------\Service_ereuaokm
-------\Service_ghuerudh
-------\Service_hgrcnoaj
-------\Service_hufuwvhk
-------\Service_jjcljqim
-------\Service_ubkwsltt
-------\Service_xmzmpyae
-------\Service_ynezzbhl
-------\Service_ywfrwohr


((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\tIM_2\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\Tim\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-19 18:22 . 2010-04-19 18:22 -------- d-----w- c:\users\Che\AppData\Local\temp
2010-04-18 21:40 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 21:40 . 2010-04-18 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 21:40 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 06:06 . 2010-04-17 06:06 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-17 02:04 . 2010-04-17 02:04 318976 ----a-w- c:\windows\system32\CF13612.exe
2010-04-17 01:24 . 2010-04-17 01:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-17 01:24 . 2010-04-17 01:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 22:51 . 2010-04-16 22:51 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-16 21:40 . 2010-04-18 21:02 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-16 21:21 . 2010-04-16 22:51 -------- d-----w- c:\programdata\Hitman Pro
2010-04-16 21:21 . 2010-04-16 21:21 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-15 21:35 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-15 21:33 . 2010-04-17 06:06 -------- d-----w- c:\programdata\Lavasoft
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\users\Verdius\AppData\Roaming\Malwarebytes
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\programdata\Malwarebytes
2010-04-15 21:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 21:19 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 21:18 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 21:18 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 21:18 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 21:18 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 21:18 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 21:18 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 21:18 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 21:18 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 21:18 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- c:\windows\Sun
2010-04-13 22:53 . 2010-04-13 22:53 -------- d-----w- c:\program files\Adobe Media Player
2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- c:\users\tIM_2\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-19 18:23 -------- d-----w- c:\users\Verdius\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-05 20:40 -------- d-----w- c:\program files\TabletPlugins
2010-04-05 20:39 . 2007-02-16 18:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-04-05 20:38 . 2009-05-20 18:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-04-05 20:38 . 2009-08-27 22:06 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2010-04-05 20:38 . 2010-04-05 20:38 -------- d-----w- c:\windows\system32\WTablet
2010-04-05 20:38 . 2009-11-24 19:20 285184 ------w- c:\windows\system32\Wintab32.dll
2010-04-05 20:38 . 2009-11-24 19:25 4463400 ------w- c:\windows\system32\Wacom_Tablet.exe
2010-04-05 20:38 . 2009-11-24 19:25 412456 ------w- c:\windows\system32\Wacom_Tablet.dll
2010-04-05 20:38 . 2010-04-05 20:39 -------- d-----w- c:\program files\Tablet
2010-03-31 19:31 . 2010-03-31 19:31 -------- d-----w- c:\users\tIM_2\AppData\Roaming\Autodesk
2010-03-31 06:06 . 2010-04-15 11:51 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-31 06:06 . 2010-03-31 06:07 -------- d-----w- c:\users\Verdius\AppData\Roaming\Yahoo!
2010-03-31 06:05 . 2010-04-15 11:29 -------- d-----w- c:\programdata\Yahoo!
2010-03-31 06:05 . 2010-04-15 11:52 -------- d-----w- c:\program files\Yahoo!
2010-03-31 02:36 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 02:36 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-28 19:12 . 2010-03-28 19:12 -------- d-----w- c:\users\Tim\AppData\Roaming\Autodesk
2010-03-28 07:17 . 2010-03-28 07:17 -------- d-----w- c:\users\Verdius\AppData\Local\Apps
2010-03-26 21:37 . 2010-03-26 21:37 -------- d-----w- c:\users\Verdius\AppData\Roaming\Autodesk
2010-03-26 21:37 . 2010-03-28 10:03 -------- d-----w- c:\programdata\Alias
2010-03-26 21:36 . 2010-03-26 21:36 -------- d-----w- c:\program files\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-18 21:40 . 2010-04-18 21:40 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-18 19:34 . 2009-01-22 13:48 2032 ----a-w- c:\users\Verdius\AppData\Local\d3d9caps.dat
2010-04-17 02:57 . 2008-08-18 00:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 03:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 03:08 . 2008-09-07 19:04 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 16:39 . 2008-06-23 20:58 34360 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-15 16:16 . 2010-04-15 16:16 34360 ------w- c:\windows\system32\drivers\mouclass.sys83BA0E68
2010-04-15 11:51 . 2010-03-20 02:54 -------- d-----w- c:\programdata\FLEXnet
2010-04-15 11:51 . 2008-09-30 15:16 -------- d-----w- c:\users\Verdius\AppData\Roaming\BitTorrent
2010-04-12 17:12 . 2009-01-15 22:01 -------- d-----w- c:\program files\Steam
2010-04-09 04:26 . 2010-03-07 19:26 439816 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-03 16:49 . 2008-06-25 07:39 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-03 16:48 . 2008-06-25 07:39 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-31 19:31 . 2009-11-02 22:33 375384 ----a-w- c:\users\tIM_2\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-26 21:35 . 2008-06-23 05:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 00:51 . 2008-07-12 19:19 375384 ----a-w- c:\users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 02:54 . 2008-06-23 04:22 375384 ----a-w- c:\users\Verdius\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 01:02 . 2010-03-20 01:02 -------- d-----w- c:\programdata\ALM
2010-03-20 00:50 . 2010-03-20 00:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-20 00:44 . 2010-03-20 00:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-15 18:08 . 2010-03-15 18:08 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-15 17:59 . 2008-06-23 04:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-08 22:26 . 2009-11-21 00:45 375384 ----a-w- c:\users\Che\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 03:26 . 2010-03-08 03:26 118784 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 21:58 . 2009-01-15 22:01 -------- d-----w- c:\program files\Common Files\Steam
2010-02-24 14:16 . 2010-01-29 22:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-11 06:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 06:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 06:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 22:24 . 2010-02-19 22:24 1105920 ----a-w- c:\users\Verdius\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 03:38 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 03:38 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 03:38 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 03:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-21 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-21 92704]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:13 323392 ----a-w- c:\users\Verdius\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-26 16:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e0,35,1c,30,bc,3c,ca,01

R1 MpKslafef8144;MpKslafef8144;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD7F9161-8B74-463A-AD82-0F9D53061F2A}\MpKslafef8144.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Verdius\AppData\Roaming\Mozilla\Firefox\Profiles\oa0ysrq3.default\
FF - prefs.js: browser.startup.homepage - hxxp://community.dawnofwar2.com/main.php
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Verdius\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 14:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Verdius\AppData\Local\Temp\CabA775.tmp 30313 bytes
c:\users\Verdius\AppData\Local\Temp\TarA776.tmp 78165 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*e*t*@*ãV0W»Y2*¯rU0Œ0_0JŒ€nŸqsY_0a0\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-04-19 14:30:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-19 18:30
ComboFix2.txt 2010-04-19 06:52

Pre-Run: 150,062,518,272 bytes free
Post-Run: 149,893,152,768 bytes free

- - End Of File - - 8F4627063210F1088E2387D37DA4BC70
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
That was the old log. You should have gotten a new one.

Ron
  • 0

#13
Verdius

Verdius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I was positive I had saved it, but now all I can find is that same one on my desktop.
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Just run combofix again and post the new log.

Ron
  • 0

#15
Verdius

Verdius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Also, I can no longer start up Windows Defender (I went to disable some start-up programs) and I got this 0x800705b4 error. Not sure if it was worth mentioning or not.

ComboFix 10-04-19.08 - Verdius 04/20/2010 21:28:48.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2208 [GMT -4:00]
Running from: c:\users\Verdius\Desktop\Geroge.exe
Command switches used :: c:\users\Verdius\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Verdius\AppData\Local\Temp\CabA775.tmp"
"c:\users\Verdius\AppData\Local\Temp\TarA776.tmp"
.

((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-21 01:34 . 2010-04-21 01:35 -------- d-----w- c:\users\Verdius\AppData\Local\temp
2010-04-21 01:34 . 2010-04-21 01:34 -------- d-----w- c:\users\tIM_2\AppData\Local\temp
2010-04-21 01:34 . 2010-04-21 01:34 -------- d-----w- c:\users\Tim\AppData\Local\temp
2010-04-21 01:34 . 2010-04-21 01:34 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-04-21 01:34 . 2010-04-21 01:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-21 01:34 . 2010-04-21 01:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-21 01:34 . 2010-04-21 01:34 -------- d-----w- c:\users\Che\AppData\Local\temp
2010-04-21 01:09 . 2010-04-21 01:09 -------- d-----w- c:\program files\Ask.com
2010-04-18 21:40 . 2010-03-30 04:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-18 21:40 . 2010-04-18 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-18 21:40 . 2010-03-30 04:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 06:06 . 2010-04-17 06:06 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-17 02:04 . 2010-04-17 02:04 318976 ----a-w- c:\windows\system32\CF13612.exe
2010-04-17 01:24 . 2010-04-17 01:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-17 01:24 . 2010-04-17 01:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-16 22:51 . 2010-04-16 22:51 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-04-16 21:40 . 2010-04-18 21:02 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-16 21:21 . 2010-04-16 22:51 -------- d-----w- c:\programdata\Hitman Pro
2010-04-16 21:21 . 2010-04-16 21:21 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-15 21:35 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-15 21:33 . 2010-04-17 06:06 -------- d-----w- c:\programdata\Lavasoft
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\users\Verdius\AppData\Roaming\Malwarebytes
2010-04-15 21:23 . 2010-04-15 21:23 -------- d-----w- c:\programdata\Malwarebytes
2010-04-15 21:19 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-15 21:19 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-15 21:18 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 21:18 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 21:18 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 21:18 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 21:18 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 21:18 . 2010-03-04 17:33 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 21:18 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 21:18 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-15 21:18 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 11:43 . 2010-04-14 11:43 -------- d-----w- c:\windows\Sun
2010-04-13 22:53 . 2010-04-13 22:53 -------- d-----w- c:\program files\Adobe Media Player
2010-04-07 21:18 . 2010-04-07 21:18 -------- d-----w- c:\users\tIM_2\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-21 01:35 -------- d-----w- c:\users\Verdius\AppData\Roaming\WTablet
2010-04-05 20:40 . 2010-04-05 20:40 -------- d-----w- c:\program files\TabletPlugins
2010-04-05 20:39 . 2007-02-16 18:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-04-05 20:38 . 2009-05-20 18:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-04-05 20:38 . 2009-08-27 22:06 16168 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2010-04-05 20:38 . 2010-04-05 20:38 -------- d-----w- c:\windows\system32\WTablet
2010-04-05 20:38 . 2009-11-24 19:20 285184 ------w- c:\windows\system32\Wintab32.dll
2010-04-05 20:38 . 2009-11-24 19:25 4463400 ------w- c:\windows\system32\Wacom_Tablet.exe
2010-04-05 20:38 . 2009-11-24 19:25 412456 ------w- c:\windows\system32\Wacom_Tablet.dll
2010-04-05 20:38 . 2010-04-05 20:39 -------- d-----w- c:\program files\Tablet
2010-03-31 19:31 . 2010-03-31 19:31 -------- d-----w- c:\users\tIM_2\AppData\Roaming\Autodesk
2010-03-31 06:06 . 2010-04-15 11:51 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-31 06:06 . 2010-03-31 06:07 -------- d-----w- c:\users\Verdius\AppData\Roaming\Yahoo!
2010-03-31 06:05 . 2010-04-15 11:29 -------- d-----w- c:\programdata\Yahoo!
2010-03-31 06:05 . 2010-04-15 11:52 -------- d-----w- c:\program files\Yahoo!
2010-03-31 02:36 . 2010-03-09 15:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-03-31 02:36 . 2010-03-09 16:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-28 19:12 . 2010-03-28 19:12 -------- d-----w- c:\users\Tim\AppData\Roaming\Autodesk
2010-03-28 07:17 . 2010-03-28 07:17 -------- d-----w- c:\users\Verdius\AppData\Local\Apps
2010-03-26 21:37 . 2010-03-26 21:37 -------- d-----w- c:\users\Verdius\AppData\Roaming\Autodesk
2010-03-26 21:37 . 2010-03-28 10:03 -------- d-----w- c:\programdata\Alias
2010-03-26 21:36 . 2010-03-26 21:36 -------- d-----w- c:\program files\Autodesk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 11:34 . 2008-09-30 15:16 -------- d-----w- c:\users\Verdius\AppData\Roaming\BitTorrent
2010-04-18 21:40 . 2010-04-18 21:40 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-18 19:34 . 2009-01-22 13:48 2032 ----a-w- c:\users\Verdius\AppData\Local\d3d9caps.dat
2010-04-17 02:57 . 2008-08-18 00:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-16 03:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-16 03:08 . 2008-09-07 19:04 -------- d-----w- c:\programdata\Microsoft Help
2010-04-15 16:39 . 2008-06-23 20:58 34360 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-04-15 16:16 . 2010-04-15 16:16 34360 ------w- c:\windows\system32\drivers\mouclass.sys83BA0E68
2010-04-15 11:51 . 2010-03-20 02:54 -------- d-----w- c:\programdata\FLEXnet
2010-04-12 17:12 . 2009-01-15 22:01 -------- d-----w- c:\program files\Steam
2010-04-09 04:26 . 2010-03-07 19:26 439816 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-04-03 16:49 . 2008-06-25 07:39 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-03 16:48 . 2008-06-25 07:39 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-31 19:31 . 2009-11-02 22:33 375384 ----a-w- c:\users\tIM_2\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-26 21:35 . 2008-06-23 05:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 00:51 . 2008-07-12 19:19 375384 ----a-w- c:\users\Tim\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 02:54 . 2008-06-23 04:22 375384 ----a-w- c:\users\Verdius\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-20 01:02 . 2010-03-20 01:02 -------- d-----w- c:\programdata\ALM
2010-03-20 00:50 . 2010-03-20 00:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-20 00:44 . 2010-03-20 00:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-15 18:08 . 2010-03-15 18:08 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-15 17:59 . 2008-06-23 04:29 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-03-08 22:26 . 2009-11-21 00:45 375384 ----a-w- c:\users\Che\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 03:26 . 2010-03-08 03:26 118784 ----a-w- c:\users\Verdius\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-06 21:58 . 2009-01-15 22:01 -------- d-----w- c:\program files\Common Files\Steam
2010-02-24 14:16 . 2010-01-29 22:26 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:06 . 2010-03-11 06:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 06:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 06:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 22:24 . 2010-02-19 22:24 1105920 ----a-w- c:\users\Verdius\AppData\Roaming\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 03:38 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 03:38 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 03:38 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 03:38 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 03:38 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 03:38 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 03:38 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 18:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-21 13576736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-21 92704]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SketchBook Snapshot.lnk - c:\program files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe [2009-2-23 708608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-06 21:13 323392 ----a-w- c:\users\Verdius\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-26 16:52 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e0,35,1c,30,bc,3c,ca,01

R1 MpKslafef8144;MpKslafef8144;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DD7F9161-8B74-463A-AD82-0F9D53061F2A}\MpKslafef8144.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-08-27 16168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Verdius\AppData\Roaming\Mozilla\Firefox\Profiles\oa0ysrq3.default\
FF - prefs.js: browser.startup.homepage - hxxp://community.dawnofwar2.com/main.php
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\TabletPlugins\npwacom.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Verdius\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 21:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4271249646-3045745120-1414561885-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n*e*t*@*ãV0W»Y2*¯rU0Œ0_0JŒ€nŸqsY_0a0\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-04-20 21:42:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-21 01:42
ComboFix2.txt 2010-04-20 11:51
ComboFix3.txt 2010-04-19 18:30
ComboFix4.txt 2010-04-19 06:52

Pre-Run: 117,118,664,704 bytes free
Post-Run: 117,096,329,216 bytes free

- - End Of File - - FB9F49348E176A6D65DCFC54503B7303
  • 0